Title: Virtools Web Player Buffer Overflow and Directory Traversal Vulnerabilities
Author: 会飞的鱼 Date: 2011-10-21 16:40
Summary: Luigi Auriemma has reported two Virtools Web Player vulnerabilities that malicious people could potentially use to attack users' systems.
Secunia Advisory: SA17034
Release Date: 2005-10-03
Critical: Moderately critical
Impact: Security Bypass, System access
Where: From remote
Solution Status: Vendor Patch
Software: Virtools Web Player 3.x
Description:
Luigi Auriemma has reported two vulnerabilities in Virtools Web Player, which potentially can be exploited by malicious people to compromise a user's system.
1) A boundary error when handling a ".vmo" file that contains a file with an overly long filename can be exploited to cause a buffer overflow and may allow arbitrary code execution.
2) A directory traversal error when handling a ".vmo" file that contains a file with directory traversal sequences in its filename can be exploited to create or overwrite arbitrary files on the system.
Successful exploitation requires that the user is e.g. tricked into following a link to a malicious ".vmo" file in the browser.
The vulnerabilities have been reported in version 3.0.0.100 and prior.
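As an added illustration (not code from Secunia, the vendor, or the original post), the C code below shows the two checks whose absence the advisory describes: a length bound on an embedded filename and rejection of directory traversal components before the extraction path is built. The function names, the 255-byte limit and the `cache` directory are assumptions, and parsing of the ".vmo" container is left out because its layout is not described here.

```c
#include <stdio.h>
#include <string.h>

#define MAX_MEMBER_NAME 255  /* assumed limit, not from the advisory */

/* Returns 1 if an embedded filename is safe to extract, 0 otherwise. */
int member_name_ok(const char *name)
{
    size_t len = strlen(name);
    const char *p = name;

    if (len == 0 || len > MAX_MEMBER_NAME)
        return 0;                 /* empty or overly long name */
    if (name[0] == '/' || name[0] == '\\' || strchr(name, ':'))
        return 0;                 /* absolute path or drive letter */
    while (*p) {                  /* '/' and '\\' both separate components */
        size_t n = strcspn(p, "/\\");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 0;             /* ".." would leave the target directory */
        p += n;
        if (*p)
            p++;
    }
    return 1;
}

/* Writes base/name into out; returns 0 on success, -1 if the name is
 * rejected or the result does not fit (snprintf never overruns outlen). */
int build_extract_path(const char *base, const char *name,
                       char *out, size_t outlen)
{
    int n;

    if (!member_name_ok(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", base, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names, not taken from a real .vmo file. */
    const char *s[] = { "textures/wall.jpg", "..\\..\\boot.ini", "a/../../b" };
    char path[64];
    for (size_t i = 0; i < sizeof s / sizeof *s; i++)
        printf("%s -> %s\n", s[i],
               build_extract_path("cache", s[i], path, sizeof path) == 0 ? path : "rejected");
    return 0;
}
```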