The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of OES

computer vulnerability alert CVE-2011-1024 CVE-2011-1025 CVE-2011-1081

OpenLDAP: three vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities of OpenLDAP can be used by an attacker to bypass the authentication, or to stop the service.
Impacted products: Fedora, Mandriva Linux, NLD, OES, OpenLDAP, openSUSE, RHEL, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/02/2011.
Revision date: 28/02/2011.
Identifiers: 6607, 6661, 6768, BID-46363, BID-46831, CVE-2011-1024, CVE-2011-1025, CVE-2011-1081, FEDORA-2011-3627, MDVSA-2011:055, MDVSA-2011:056, openSUSE-SU-2011:0356-1, openSUSE-SU-2011:0359-1, openSUSE-SU-2011:0363-1, RHSA-2011:0346-01, RHSA-2011:0347-01, SUSE-SR:2011:007, VIGILANCE-VUL-10366.

Description of the vulnerability

Three vulnerabilities were announced in OpenLDAP.

When ppolicy is configured with ppolicy_forward_updates, an attacker can authenticate on slapd-ldap without knowing the password. [severity:2/4; 6607, BID-46363, CVE-2011-1024]

An attacker can authenticate on slapd-ndb without knowning the rootpw password indicated in the slapd.conf file. [severity:2/4; 6661, BID-46363, CVE-2011-1025]

An attacker can request a modification of a RDN (Relative Distinguished Name, MODRDN) with an empty name, in order to stop the service. [severity:2/4; 6768, BID-46831, CVE-2011-1081]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2011-1071

glibc: memory corruption via fnmatch

Synthesis of the vulnerability

When an attacker can transmit a value to the fnmatch() function of the glibc, he can corrupt the memory of the application.
Impacted products: BIG-IP Hardware, TMOS, Mandriva Linux, NLD, OES, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Consequences: user access/rights, denial of service on client.
Provenance: user shell.
Creation date: 28/02/2011.
Identifiers: 11883, CERTFR-2014-AVI-502, CVE-2011-1071, ESX400-201110001, ESX400-201110401-SG, ESX400-201110403-SG, ESX400-201110406-SG, ESX400-201110408-SG, ESX400-201110409-SG, ESX400-201110410-SG, ESXi400-201110001, ESXi400-201110401-SG, ESXi400-201110402-BG, MDVSA-2011:178, RHSA-2011:0412-01, RHSA-2012:0125-01, SOL15885, SUSE-SU-2011:0701-1, SUSE-SU-2011:0702-1, SUSE-SU-2011:0703-1, SUSE-SU-2011:0704-1, VIGILANCE-VUL-10403, VMSA-2011-0004.2, VMSA-2011-0009.1, VMSA-2011-0009.2, VMSA-2011-0009.3, VMSA-2011-0010, VMSA-2011-0010.1, VMSA-2011-0010.2, VMSA-2011-0012, VMSA-2011-0012.1, VMSA-2011-0012.2, VMSA-2011-0013, VMSA-2012-0005.

Description of the vulnerability

The fnmatch() function of the glibc checks if a string matches a pattern:
  fnmatch(pattern, string, flags);
For example:
  if (fnmatch("*.txt", "file.txt", 0)) ...

This function calls alloca() in order to allocate a memory area in the stack to store the string. However, if the size of the string (multiplied by four) is superior to the stack size, an integer overflows, and data overwrites the stack content.

When an attacker can transmit a value to the fnmatch() function of the glibc, he can therefore corrupt the memory of the application. The attacker can then stop this application or execute code with its privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2011-0707

Mailman: Cross Site Scripting via confirm.py

Synthesis of the vulnerability

An attacker can use the Mailman confirmation page, in order to generate a Cross Site Scripting.
Impacted products: Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 21/02/2011.
Identifiers: 677375, BID-46464, CVE-2011-0707, DSA-2170-1, FEDORA-2011-2102, FEDORA-2011-2125, MDVSA-2011:036, openSUSE-SU-2011:0312-1, openSUSE-SU-2011:0424-1, RHSA-2011:0307-01, RHSA-2011:0308-01, SUSE-SR:2011:007, SUSE-SR:2011:009, VIGILANCE-VUL-10381.

Description of the vulnerability

The Mailman program is a mailing-list manager with a web interface.

The Mailman/Cgi/confirm.py script processes confirmation messages:
 - confirmation of unsubscription
 - confirmation of email address change
 - confirmation to re-enable the membership of a mailing-list

However, this script does not filter the field containing the full name of the user.

An attacker can therefore use the Mailman confirmation page, in order to generate a Cross Site Scripting.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2010-4328

Novell Open Enterprise Server: code execution via iPrint

Synthesis of the vulnerability

A network attacker can send a malicious query to Novell iPrint Server, in order to execute code.
Impacted products: OES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 11/02/2011.
Revision date: 17/02/2011.
Identifiers: 7007858, BID-46309, CERTA-2011-AVI-088, CVE-2010-4328, VIGILANCE-VUL-10362, ZDI-11-087, ZDI-CAN-1008.

Description of the vulnerability

The Novell iPrint Server centralizes printing features.

The ilprsrvd service listens on port 515/tcp. Opcodes parameters received on this service are transmitted to /opt/novell/iprint/bin/ipsmd, which does not check their size. A buffer overflow thus occurs.

A network attacker can therefore send a malicious query to Novell iPrint Server, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2011-0713

Wireshark: buffer overflow via dct3trace

Synthesis of the vulnerability

An attacker can invite the victim to open a DCT3 capture with Wireshark, in order to create an overflow, leading to a denial of service or to code execution.
Impacted products: Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, Wireshark.
Severity: 1/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 16/02/2011.
Identifiers: BID-46416, CERTA-2011-AVI-169, CVE-2011-0713, DSA-2201-1, FEDORA-2011-2620, FEDORA-2011-2632, MDVSA-2011:044, RHSA-2011:0369-01, SUSE-SR:2011:007, VIGILANCE-VUL-10374.

Description of the vulnerability

Nokia mobiles generate network capture files in DCT3 format.

The wiretap library of Wireshark implements the support of DCT3 in the dct3trace.c file.

The dct3trace_seek_read() function of dct3trace.c reads packets located at a precise offset in the DCT3 file. However, this function does not check the size of the packet before copying it in an array of size MAX_PACKET_LEN.

An attacker can therefore invite the victim to open a DCT3 capture with Wireshark, in order to create an overflow, leading to a denial of service or to code execution.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2010-4422 CVE-2010-4447 CVE-2010-4448

Java JRE/JDK/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Debian, Fedora, HPE NNMi, HP-UX, Mandriva Linux, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SLES, ESX, vCenter Server, VMware vSphere.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 21.
Creation date: 16/02/2011.
Identifiers: BID-46091, BID-46386, BID-46387, BID-46388, BID-46391, BID-46393, BID-46394, BID-46395, BID-46397, BID-46398, BID-46399, BID-46400, BID-46401, BID-46402, BID-46403, BID-46404, BID-46405, BID-46406, BID-46407, BID-46409, BID-46410, BID-46411, c02775276, c03316985, c03358587, c03405642, CERTA-2003-AVI-001, CERTA-2011-AVI-079, CERTA-2011-AVI-093, CERTA-2011-AVI-118, CERTA-2011-AVI-196, CERTA-2011-AVI-197, CERTA-2011-AVI-219, CERTA-2011-AVI-474, CERTA-2011-AVI-483, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475, CVE-2010-4476, DSA-2224-1, FEDORA-2011-1631, FEDORA-2011-1645, HPSBMU02797, HPSBMU02799, HPSBUX02685, HPSBUX02777, javacpufeb2011, MDVSA-2011:054, openSUSE-SU-2011:0126-1, openSUSE-SU-2011:0155-1, RHSA-2011:0281-01, RHSA-2011:0282-01, RHSA-2011:0335-01, RHSA-2011:0357-01, RHSA-2011:0364-01, RHSA-2011:0490-01, RHSA-2011:0870-01, RHSA-2011:0880-01, SSRT100505, SSRT100854, SSRT100867, SUSE-SA:2011:010, SUSE-SA:2011:014, SUSE-SA:2011:024, SUSE-SR:2011:008, SUSE-SU-2011:0490-1, SUSE-SU-2011:0823-1, VIGILANCE-VUL-10368, VMSA-2011-0004.2, VMSA-2011-0005.3, VMSA-2011-0012.1, VMSA-2011-0013, VMSA-2011-0013.1, VMSA-2012-0005, ZDI-11-082, ZDI-11-083, ZDI-11-084, ZDI-11-085, ZDI-11-086.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK/SDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of Deployment Applet2ClassLoader, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46388, CVE-2010-4452, ZDI-11-084]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46391, CVE-2010-4454]

An attacker can use an overflow in Sound XGetSamplePtrFromSnd, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46394, CVE-2010-4462, ZDI-11-085]

An attacker can use a vulnerability of Deployment JNLP Extension, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46386, CVE-2010-4463, ZDI-11-086]

An attacker can use a vulnerability of Swing Clipboard, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46406, CVE-2010-4465, ZDI-11-083]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46395, CVE-2010-4467]

An attacker can use a vulnerability of HotSpot, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46400, CVE-2010-4469]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46403, CVE-2010-4473]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-46402, CERTA-2011-AVI-093, CVE-2010-4422]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-46405, CVE-2010-4451]

An attacker can use a vulnerability of Deployment, in order to obtain information on the NTLM authentication. [severity:2/4; BID-46411, CVE-2010-4466, ZDI-11-082]

An attacker can use a vulnerability of JAXP, in order to create a denial of service. [severity:2/4; BID-46387, CVE-2010-4470]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-46399, CVE-2010-4471]

An attacker can use a special double floating point number, in order to create an infinite loop in Java programs (VIGILANCE-VUL-10321). [severity:3/4; BID-46091, BID-46401, CERTA-2011-AVI-079, CERTA-2011-AVI-118, CERTA-2011-AVI-197, CERTA-2011-AVI-219, CERTA-2011-AVI-474, CERTA-2011-AVI-483, CVE-2010-4476]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-46409, CVE-2010-4447]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-46410, CVE-2010-4475]

An attacker can use a vulnerability of JDBC, in order to obtain or alter information. [severity:2/4; BID-46393, CVE-2010-4468]

An attacker can use a vulnerability of Launcher, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-46397, CVE-2010-4450]

An attacker can open numerous UDP ports, in order to facilitate a DNS cache poisoning attack (VIGILANCE-VUL-11087). [severity:2/4; BID-46398, CVE-2010-4448]

An attacker can use a vulnerability of XML Digital Signature, in order to create a denial of service. [severity:2/4; BID-46404, CVE-2010-4472]

An attacker can use a vulnerability of Security, in order to obtain information. [severity:2/4; BID-46407, CVE-2010-4474]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2011-0538

Wireshark: memory corruption via pcap-ng

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious pcap-ng file with Wireshark, in order to free uninitialized memory, which leads to a denial of service and possibly to code execution.
Impacted products: Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, Wireshark.
Severity: 1/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 04/02/2011.
Identifiers: 5652, BID-46167, CERTA-2011-AVI-169, CVE-2011-0538, DSA-2201-1, FEDORA-2011-2620, FEDORA-2011-2632, MDVSA-2011:044, RHSA-2011:0369-01, RHSA-2011:0370-01, SUSE-SR:2011:007, VIGILANCE-VUL-10327.

Description of the vulnerability

The pcap-ng file format stores captured packets.

When Wireshark opens a malformed pcap-ng file, an error occurs, it is displayed and then the memory area storing the error message is freed. However, in three cases, the error message pointer is not initialized. Its freeing thus corrupts the memory.

An attacker can therefore invite the victim to open a malicious pcap-ng file with Wireshark, in order to free uninitialized memory, which leads to a denial of service and possibly to code execution.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2011-0536

glibc: privilege elevation via PATH and ORIGIN

Synthesis of the vulnerability

A local attacker can use the PATH/RPATH variable and $ORIGIN, in order to obtain privileges of suid/sgid programs.
Impacted products: Debian, Mandriva Linux, NLD, OES, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 04/02/2011.
Identifiers: BID-64465, CERTA-2002-AVI-272, CVE-2011-0536, DSA-2122-1, DSA-2122-2, ESX400-201110001, ESX400-201110401-SG, ESX400-201110403-SG, ESX400-201110406-SG, ESX400-201110408-SG, ESX400-201110409-SG, ESX400-201110410-SG, ESXi400-201110001, ESXi400-201110401-SG, ESXi400-201110402-BG, MDVSA-2011:178, RHSA-2011:0412-01, RHSA-2011:0413-01, SUSE-SU-2011:0701-1, SUSE-SU-2011:0702-1, SUSE-SU-2011:0703-1, SUSE-SU-2011:0704-1, VIGILANCE-VUL-10324, VMSA-2011-0004.2, VMSA-2011-0009.1, VMSA-2011-0009.2, VMSA-2011-0009.3, VMSA-2011-0010, VMSA-2011-0010.1, VMSA-2011-0010.2, VMSA-2011-0012, VMSA-2011-0012.1, VMSA-2011-0012.2, VMSA-2011-0013, VMSA-2012-0005.

Description of the vulnerability

The VIGILANCE-VUL-10050 bulletin describes a vulnerability related to the LD_AUDIT environment variable.

The PATH and RPATH environment variables are also impacted by the same vulnerability.

A local attacker can therefore use the PATH/RPATH variable and $ORIGIN, in order to obtain privileges of suid/sgid programs.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2010-4476

Java JRE: denial of service via a real

Synthesis of the vulnerability

An attacker can use a special double floating point number, in order to create an infinite loop in Java programs.
Impacted products: Debian, Fedora, HPE BAC, HPE NNMi, OpenView, OpenView NNM, Tru64 UNIX, HP-UX, AIX, DB2 UDB, Tivoli Directory Server, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, JBoss AS OpenSource, Mandriva Linux, NLD, OES, Java OpenJDK, openSUSE, Oracle iPlanet Web Server, Java Oracle, Oracle Web Tier, RHEL, JBoss EAP by Red Hat, SLES.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/02/2011.
Identifiers: 1468291, BID-46091, c02729756, c02738573, c02746026, c02752210, c02775276, c02826781, c02906075, c03090723, c03316985, CERTA-2002-AVI-271, CERTA-2012-AVI-286, cpuapr2011, CVE-2010-4476, DSA-2161-1, DSA-2161-2, FEDORA-2011-1231, FEDORA-2011-1263, HPSBMU02690, HPSBTU02684, HPSBUX02633, HPSBUX02641, HPSBUX02642, HPSBUX02645, HPSBUX02685, HPSBUX02725, HPSBUX02777, IZ94331, javacpufeb2011, MDVSA-2011:054, openSUSE-SU-2011:0126-1, PM32175, PM32177, PM32184, PM32192, PM32194, RHSA-2011:0210-01, RHSA-2011:0211-01, RHSA-2011:0212-01, RHSA-2011:0213-01, RHSA-2011:0214-01, RHSA-2011:0282-01, RHSA-2011:0290-01, RHSA-2011:0291-01, RHSA-2011:0292-01, RHSA-2011:0299-01, RHSA-2011:0333-01, RHSA-2011:0334-01, RHSA-2011:0336-01, RHSA-2011:0348-01, RHSA-2011:0349-01, RHSA-2011:0880-01, SSRT100387, SSRT100390, SSRT100412, SSRT100415, SSRT100505, SSRT100569, SSRT100627, SSRT100854, SUSE-SA:2011:010, SUSE-SA:2011:014, SUSE-SR:2011:008, SUSE-SU-2011:0823-1, swg21469266, swg24030066, swg24030067, VIGILANCE-VUL-10321.

Description of the vulnerability

The number 2.2250738585072011e-308 if the "largest subnormal double number" (in base 2 : 0x0fffffffffffff x 2^-1022).

On a x86 processor, the Java JRE uses x87 FPU registers (80 bit), in order to find bit-after-bit the closest real value. This loop stops when the remainder is inferior to the precision. However, with the number 2.225..., this stop condition is never true (80 bit rounded to 64 bit), and an infinite loop occurs.

An attacker can therefore use a special double floating point number, in order to create an infinite loop in Java programs.

The origin of this vulnerability is the same as VIGILANCE-VUL-10257.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2010-2935 CVE-2010-2936 CVE-2010-3450

OpenOffice.org: several vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious document with OpenOffice.org, in order to execute code on his computer.
Impacted products: OpenOffice, Debian, Fedora, Mandriva Linux, NLD, OES, OpenSolaris, openSUSE, Solaris, RHEL, SLES.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 26/01/2011.
Revision date: 27/01/2011.
Identifiers: BID-43841, BID-43845, BID-44779, BID-45617, BID-46031, CERTA-2002-AVI-280, CERTA-2010-AVI-479, CERTA-2010-AVI-549, CERTA-2011-AVI-039, CERTA-2011-AVI-243, CERTA-2012-AVI-237, cpuapr2011, CVE-2010-2935, CVE-2010-2936, CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-3702, CVE-2010-3704, CVE-2010-4008, CVE-2010-4253, CVE-2010-4494, CVE-2010-4643, DSA-2151-1, FEDORA-2011-0837, MDVSA-2011:027, openSUSE-SU-2011:0336-1, openSUSE-SU-2011:0337-1, RHSA-2011:0181-01, RHSA-2011:0182-01, RHSA-2011:0183-01, SUSE-SR:2011:007, VIGILANCE-VUL-10308.

Description of the vulnerability

Several vulnerabilities were announced in OpenOffice.org.

An attacker can create a malicious OpenOffice.org Impress/PowerPoint document, and invite the victim to open it, in order to execute code on his computer (VIGILANCE-VUL-9813). [severity:3/4; CERTA-2011-AVI-039, CERTA-2011-AVI-243, CVE-2010-2935, CVE-2010-2936]

An attacker can invite the victim to open a malicious XML filter or extension, in order to create a file on his computer. [severity:2/4; CVE-2010-3450]

A malicious RTF file generates a buffer overflow, leading to code execution. [severity:3/4; CVE-2010-3451]

A RTF file with a malicious pnseclvl field leads to code execution. [severity:3/4; CVE-2010-3452]

A Word document can use the WW8ListManager::WW8ListManager() function, in order to corrupt the memory, which leads to code execution. [severity:3/4; CVE-2010-3453]

A Word document can use the WW8DopTypography::ReadFromMem() function, in order to corrupt the memory, which leads to code execution. [severity:3/4; CVE-2010-3454]

The soffice script does not correctly process the LD_LIBRARY_PATH variable, and it can load a malicious library in the current directory, which leads to code execution. [severity:2/4; CVE-2010-3689]

An attacker can invite the victim to import a malicious PDF document leading to a denial of service and possibly to code execution (VIGILANCE-VUL-10011). [severity:2/4; BID-43841, BID-43845, CERTA-2010-AVI-479, CVE-2010-3702, CVE-2010-3704]

An attacker can use the XPath language to corrupt the libxml2 memory, in order to create a denial of service or to execute code (VIGILANCE-VUL-10117). [severity:3/4; BID-44779, CERTA-2010-AVI-549, CERTA-2012-AVI-237, CVE-2010-4008]

An attacker can use the XPath language to corrupt the libxml2 memory, in order to create a denial of service or to execute code (VIGILANCE-VUL-10237). [severity:3/4; BID-45617, CVE-2010-4494]

An attacker can invite the victim to open a document containing a malicious PNG image, in order to generate a buffer overflow. [severity:3/4; CVE-2010-4253]

An attacker can invite the victim to open a document containing a malicious TGA image, in order to generate a buffer overflow. [severity:3/4; CVE-2010-4643]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about OES: