[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Hellcode Research]: AOL 9.5 File Parsing Buffer Overflow Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Hellcode Research]: AOL 9.5 File Parsing Buffer Overflow Vulnerability
From: karakorsankara@xxxxxxxxxxx
Date: 3 Feb 2010 15:04:39 -0000

Product:

AOL 9.5

Vulnerability:

File Parsing Heap-based Buffer Overflow

Description:

Hellcode Research has discovered a heap overflow vulnerability in AOL 9.5
Opening a malformed vCard file (.vcf) with AOL 9.5 causes a crash on "waol.exe"
Successful exploitation may allow execution of arbitrary code.

Credits:

Discovered by Celil 'karak0rsan' Unuver and murderkey from Hellcode Research

http://tcc.hellcode.net

Original Advisory:

http://tcc.hellcode.net/advisories/hellcode-adv009.txt

Prev by Date: [Suspected Spam]Hackito Ergo Sum 2010 - Call For Paper - HES2010 CFP
Next by Date: [DSECRG-09-011] HP StorageWorks 1_8 G2 Tape Autoloader - privilege escalation DOS
Previous by thread: [CSO10002] Attachment path traversal in Outlook Web Access
Next by thread: [DSECRG-09-011] HP StorageWorks 1_8 G2 Tape Autoloader - privilege escalation DOS
Index(es):
- Date
- Thread