‫ IBM Personal Communications WS File Processing Buffer Overflow Vulnerability

IRCAD2012021755
ID: IRCAD2012021755
Release Date: 2012-02-29
Criticality level: Highly critical
 
Software:
IBM Personal Communications 5.x
IBM Personal Communications 6.x
 
Description:
A vulnerability has been reported in IBM Personal Communications, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in pcspref.dll when processing WorkStation profiles and can be exploited to cause a stack-based buffer overflow via a specially crafted ".ws" file.
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.
The vulnerability is reported in versions 5.9.0 through 5.9.7 and 6.0.0 through 6.0.3.
 
Solution
Apply APAR IC81539 or update to version 6.0.4.
 
References:
IBM:
ISS X-Force:
 
Secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 10 اسفند 1390

امتیاز

امتیاز شما
تعداد امتیازها:0