Cellosoft Tokens Removechr() Stack Buffer Overflow Vulnerability
TITLE: Cellosoft Tokens Removechr() Stack Buffer Overflow Vulnerability
CLASS: Boundary Condition Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 13 2007 12:00AM
UPDATE: Jun 13 2007 12:00AM
CREDIT: Haikz discovered this vulnerability.
VULNERABLE:
Cellosoft Tokens Object 2.0 6
NOT VULNERABLE:
Discussion
The Cellosoft Tokens object extension is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code on systems that use the affected browser plug-in. A crash of the application or web browser may also be possible, but has not been confirmed.
Cellosoft Tokens 2.0.0.6 is vulnerable; other versions may also be affected.
Exploit
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
Solution
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
References
- Cellosoft Tokens Object Homepage (Cellosoft)