Re: WildTangent Web Driver Long FileName Stack Overflow

From: Cesar (cesarc56_at_yahoo.com)
Date: 05/28/04

    Date: Fri, 28 May 2004 09:00:13 -0700 (PDT)
    To: NGSSoftware Insight Security Research <nisr@ngssoftware.com>, vulnwatch@vulnwatch.org, bugtraq@securityfocus.com
    
    

    Hi.

    Just to mention that I found this a long time ago; these
    overflows were mentioned as an example in my talk at
    Black Hat Windows 2004 about ActiveX:
    http://www.blackhat.com/presentations/win-usa-04/bh-win-04-cerrudo/bh-win-04-cerrudo.pdf

    Here in the examples you can see the reference to it
    in the file WTHoster Class.html:
    http://www.blackhat.com/presentations/win-usa-04/bh-win-04-cerrudo/bh-win-04-cerrudo-examples.zip

    Cesar.
    --- NGSSoftware Insight Security Research
    <nisr@ngssoftware.com> wrote:
    > NGSSoftware Insight Security Research Advisory
    >
    > Name: WildTangent Web Driver Long FileName Stack
    > Overflow
    > Systems Affected: WildTangent Web Driver 4.0
    > (earlier versions not tested)
    > Severity: High
    > Vendor URL: http://www.wildtangent.com
    > Author: Peter Winter-Smith [ peter@ngssoftware.com ]
    > Date Vendor Notified: 31st March 2004
    > Date of Public Advisory: 27th May 2004
    > Advisory number: #NISR27052004
    > Advisory URL:
    > http://www.ngssoftware.com/advisories/wildtangent.txt
    >
    >
    > Description
    > ***********
    >
    > WildTangent provide high quality interactive media
    > technology to the
    > Internet in the form of their WebDriver. This is
    > used by some of the
    > largest companies and corporations world-wide to
    > provide advanced media
    > content to over 80 million users of their Internet
    > plug-in.
    >
    >
    > Details
    > *******
    >
    > It is possible to cause a number of buffer overruns
    > within the WildTangent
    > package, namely within the WTHoster and WebDriver
    > modules, via any method

            
                    

