| Rule General Information | |
|---|---|
| Release Date: | 2014-12-10 |
| Rule Name: | Amaya Browser V11.0 'bdo' Tag Overflow Vulnerability -1 (CVE-2009-0323) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. |
| Impact: | A remote attacker can execute arbitrary code in the context of the application. |
| Affected OS: | Windows |
| Reference: | ExploitDB:7902; http://www.coresecurity.com/content/amaya-buffer-overflows; http://www.securityfocus.com/archive/1/500492/100/0/threaded; https://exchange.xforce.ibmcloud.com/vulnerabilities/48325 |

| Solutions |
|---|
| Upgrade to Amaya 11.1. |