|
|
|||
| Rule General Information |
|---|
| Release Date: | 2014-12-10 | |
| Rule Name: | Amaya Browser V11.0 'bdo' Tag Overflow Vulnerability -1 (CVE-2009-0323) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. | |
| Impact: | A remote attacker can execute arbitrary code in the context of the application. | |
| Affected OS: | Windows | |
| Reference: | ExploitDB:7902 http://www.coresecurity.com/content/amaya-buffer-overflows http://www.securityfocus.com/archive/1/500492/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/48325 |
|
| Solutions |
|---|
| Upgrade to Amaya 11.1. |