Information Security all in one place!

Posts tagged “Buffer overflow

Cisco Security Advisory: Cisco WebEx Player – Buffer Overflow Vulnerabilities


The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.
The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually
installed for offline playback after downloading the application from
www.webex.com.

If the WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install anew version of the player after downloading the latest version from
www.webex.com.

Cisco has updated affected versions of the WebEx meeting sites and WRF player to address these vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex

 

 


Yahoo! Messenger v11.5 – Buffer Overflow Vulnerability


Yahoo! Messenger v11.5 – Buffer Overflow Vulnerability

Severity: High         Risk: High

Area of Impact: Drag & Drop – Message Box

Details of the Vulnerability:

Yahoo! Messenger Icon

Image via Wikipedia

A Buffer Overflow vulnerability has been detected on Yahoo Instant Messenger v11.5 client software.
The bug is located on the drag & drop message box function of the software when processing special crafted file transfers.
The vulnerability allows an local attacker to crash the software & all bound yahoo components.

Thus creating the buffer overflow

Proof of Concept: Testing purposes only!!

This vulnerability can be exploited by security enthusiasts. More details can be found here:

http://www.vulnerability-lab.com/get_content.php?id=432  
****The information provided in this advisory is provided as it is without any warranty.

Hack in Progress: Watch the vulnerability in action

No report from Yahoo as of yet. We will keep you posted on all the details.