| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20110411164932.ca297a09.aluigi@autistici.org> Date: Mon, 11 Apr 2011 16:49:32 +0100 From: Luigi Auriemma <aluigi@...istici.org> To: bugtraq@...urityfocus.com Subject: Vulnerabilities in Microsoft Reader and HIS Microsoft Reader is a PC/tablet software for reading the ebooks in LIT format and the Audible audio books. The following are a couple of integer overflows, an heap and an array indexing overflow and the writing of a NULL byte in an arbitrary memory location: http://aluigi.org/adv/msreader_1-adv.txt http://aluigi.org/adv/msreader_2-adv.txt http://aluigi.org/adv/msreader_3-adv.txt http://aluigi.org/adv/msreader_4-adv.txt http://aluigi.org/adv/msreader_5-adv.txt There are also some bugs in Microsoft Host Integration Server 2010 but they are only Denial of Service vulnerabilities like the crashing and the freezing of the services with CPU at 100%: http://aluigi.org/adv/snabase_1-adv.txt --- Luigi Auriemma http://aluigi.org
Powered by blists - more mailing lists