Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2009-1382
Last Modified: 20 Apr 2010 01:37:12
Published: 14 Jul 2009 04:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-1382

Summary

Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.

Vulnerable Systems

Application

  • Forkosh Mimetex 1.71


References

VUPEN - ADV-2009-1875

MISC - http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578

XF - mimetex-mimetex-bo(51794)

VUPEN - ADV-2010-0877

BUGTRAQ - 20090713 [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and command injection

MISC - http://www.ocert.org/advisories/ocert-2009-010.html

SECUNIA - 35816

SECUNIA - 35752

MISC - http://scary.beasts.org/security/CESA-2009-009.html

FEDORA - FEDORA-2010-6546


Last Updated: 27 May 2016 10:50:33