Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0323

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-0323
Last Modified 10 Feb 2009 02:00:05
Published 28 Jan 2009 03:30:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0323

Summary

Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.

Vulnerable Systems

Application

  • W3 Amaya 0.9

  • W3 Amaya 0.95b

  • W3 Amaya 1.0

  • W3 Amaya 1.0a

  • W3 Amaya 1.1

  • W3 Amaya 1.1a

  • W3 Amaya 1.1c

  • W3 Amaya 1.2

  • W3 Amaya 1.2a

  • W3 Amaya 1.3

  • W3 Amaya 1.3a

  • W3 Amaya 1.3b

  • W3 Amaya 1.4

  • W3 Amaya 1.4a

  • W3 Amaya 10.0

  • W3 Amaya 11.0

  • W3 Amaya 2.0

  • W3 Amaya 2.1

  • W3 Amaya 2.2

  • W3 Amaya 2.3

  • W3 Amaya 2.4

  • W3 Amaya 3.0

  • W3 Amaya 3.1

  • W3 Amaya 3.2

  • W3 Amaya 3.2.1

  • W3 Amaya 4.0

  • W3 Amaya 4.1

  • W3 Amaya 4.2

  • W3 Amaya 4.2.1

  • W3 Amaya 4.3

  • W3 Amaya 4.3.1

  • W3 Amaya 4.3.2

  • W3 Amaya 5.0

  • W3 Amaya 5.1

  • W3 Amaya 5.2

  • W3 Amaya 5.3

  • W3 Amaya 6.0

  • W3 Amaya 6.1

  • W3 Amaya 6.2

  • W3 Amaya 6.3

  • W3 Amaya 6.4

  • W3 Amaya 7.0

  • W3 Amaya 7.1

  • W3 Amaya 7.2

  • W3 Amaya 8.0

  • W3 Amaya 8.1

  • W3 Amaya 8.1a

  • W3 Amaya 8.1b

  • W3 Amaya 8.2

  • W3 Amaya 8.3

  • W3 Amaya 8.4

  • W3 Amaya 8.5

  • W3 Amaya 8.52

  • W3 Amaya 8.6

  • W3 Amaya 8.7

  • W3 Amaya 8.7.1

  • W3 Amaya 8.7.2

  • W3 Amaya 8.8.1

  • W3 Amaya 8.8.3

  • W3 Amaya 8.8.4

  • W3 Amaya 8.8.5

  • W3 Amaya 9.0

  • W3 Amaya 9.1

  • W3 Amaya 9.2.1

  • W3 Amaya 9.3

  • W3 Amaya 9.4

  • W3 Amaya 9.5

  • W3 Amaya 9.52

  • W3 Amaya 9.53

  • W3 Amaya 9.54

  • W3 Amaya 9.55


References

XF - amaya-html-tags-bo(48325)

BUGTRAQ - 20090128 CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities

MILW0RM - 7902

MISC - http://www.coresecurity.com/content/amaya-buffer-overflows


Last Updated: 27 May 2016 10:50:12