lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 May 2004 09:00:13 -0700 (PDT) From: Cesar <cesarc56@...oo.com> To: NGSSoftware Insight Security Research <nisr@...software.com>, vulnwatch@...nwatch.org, bugtraq@...urityfocus.com Subject: [VulnDiscuss] Re: WildTangent Web Driver Long FileName Stack Overflow Hi. Just to mention that i found this long time ago, this overflows were mentioned as an example on my talk at Black Hat Windows 2004 about ActiveX: http://www.blackhat.com/presentations/win-usa-04/bh-win-04-cerrudo/bh-win-04-cerrudo.pdf Here in the examples you can see the reference to it on file WTHoster Class.html: http://www.blackhat.com/presentations/win-usa-04/bh-win-04-cerrudo/bh-win-04-cerrudo-examples.zip Cesar. --- NGSSoftware Insight Security Research <nisr@...software.com> wrote: > NGSSoftware Insight Security Research Advisory > > Name: WildTangent Web Driver Long FileName Stack > Overflow > Systems Affected: WildTangent Web Driver 4.0 > (earlier versions not tested) > Severity: High > Vendor URL: http://www.wildtangent.com > Author: Peter Winter-Smith [ peter@...software.com ] > Date Vendor Notified: 31th March 2004 > Date of Public Advisory: 27th May 2004 > Advisory number: #NISR27052004 > Advisory URL: > http://www.ngssoftware.com/advisories/wildtangent.txt > > > Description > *********** > > WildTangent provide high quality interactive media > technology to the > Internet in the form of their WebDriver. This is > used by some of the > largest companies and corporations world-wide to > provide advanced media > content to over 80 million users of their Internet > plug-in. > > > Details > ******* > > It is possible to cause a number of buffer overruns > within the WildTangent > package, namely within the WTHoster and WebDriver > modules, via any method __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/
Powered by blists - more mailing lists