lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060607002753.GA20024@hexview.com>
Date: Tue, 6 Jun 2006 17:27:53 -0700
From: vuln@...view.com
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [HV-LOW] Microsoft NetMeeting memory corruption
	(Brief)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Microsoft NetMeeting memory corruption (Brief)

Classification:
===============
Level: [LOW]-med-high-crit
ID: HEXVIEW*2006*06*06*01
URL: http://www.hexview.com/docs/20060606-1.txt

Overview:
=========
Microsoft NetMeeting is an application that provides multipoint 
audio/video conferencing and supporting services (desktop sharing,
whiteboard, remote control, file transfer) for Microsoft Windows platform.

Affected products:
==================
All tests were performed using Microsoft NetMeeting 3.01
No other products were tested.

Vulnerability Summary:
======================
The application insufficiently validates received data opening a possibility
to overwrite portions of application memory causing exceptions ranging from
null-pointer access to a possible code execution. At the time of writing
there is no working exploit. HexView tests confirmed that it is possible to
remotely terminate an active NetMeeting presentation by either crashing the
hosting application or causing it to consume 100% of CPU resources.

Vendor Status:
==============
Microsoft was notified on June 4th, 2005 and is supposedly investigating
the issue. HexView will release more details about the vulnerability
in a separate disclosure.

About HexView:
==============
HexView contributes to online security-related lists for over a decade.
The scope of our expertise spreads over Windows, Linux, Sun, MacOS platforms,
network applications, and embedded devices. We also offer a variety of
consulting services. For more information visit http://www.hexview.com

Distribution:
=============
This document may be freely distributed through any channels as long as
the contents are kept unmodified. Commercial use of the information in
the document is not allowed without written permission from HexView
signed by our pgp key. Please direct all questions to vtalk@...view.com

Feedback and comments:
======================
Feedback and questions about this disclosure are welcome at vtalk@...view.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEhhzMDPV1+KQrDqQRAr8RAJkByW0oaLkx8gxDcF1mJXnNME0+DwCeJyDk
C7CXaRx8ms20h43YBANw9sM=
=DTLx
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ