فا

‫ Novell Messenger Client Contact File Processing Buffer Overflow Vulnerability

IRCAD2012021747
ID: IRCAD2012021747
Release Date: 2012-02-21
Criticality level: Highly critical
Software: Novell Messenger Client 2.x
 
Description:
Luigi Auriemma has discovered a vulnerability in Novell Messenger Client, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when processing the "name" value of a "folder" tag. This can be exploited to cause a stack-based buffer overflow via a specially crafted contact list file.
Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening or importing a malicious file.
The vulnerability is confirmed in version 2.1.0. Other versions may also be affected.
 
Solution:
Do not open or import contact list files from untrusted sources.
 
Sources:
 
Secunina:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 4 اسفند 1390

امتیاز

امتیاز شما
تعداد امتیازها:0