IBM AFP Viewer Plugin 'SRC' Property Heap Based Buffer Overflow Vulnerability
BID:29932
Info
IBM AFP Viewer Plugin 'SRC' Property Heap Based Buffer Overflow Vulnerability
| Bugtraq ID: | 29932 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 25 2008 12:00AM |
| Updated: | Jun 26 2008 05:20PM |
| Credit: | Paul Kurczaba |
| Vulnerable: |
IBM AFP Viewer 3.2.1 .1 IBM AFP Viewer 2.0.7 .1 |
| Not Vulnerable: |
IBM AFP Viewer 3.4.1 .7 |
Discussion
IBM AFP Viewer Plugin 'SRC' Property Heap Based Buffer Overflow Vulnerability
The IBM AFP Viewer plugin is prone to a heap-based buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input in malicious AFP files.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected software, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in crashes.
IBM AFP Viewer 2.0.7.1 and 3.2.1.1 are vulnerable; other versions may also be affected.
The IBM AFP Viewer plugin is prone to a heap-based buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input in malicious AFP files.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected software, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in crashes.
IBM AFP Viewer 2.0.7.1 and 3.2.1.1 are vulnerable; other versions may also be affected.
Exploit / POC
IBM AFP Viewer Plugin 'SRC' Property Heap Based Buffer Overflow Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
IBM AFP Viewer Plugin 'SRC' Property Heap Based Buffer Overflow Vulnerability
Solution:
AFP Viewer 3.4.1.7 was released to address this issue. Please see the references for more information.
IBM AFP Viewer 2.0.7 .1
IBM AFP Viewer 3.2.1 .1
Solution:
AFP Viewer 3.4.1.7 was released to address this issue. Please see the references for more information.
IBM AFP Viewer 2.0.7 .1
-
IBM AFP Viewer Current Version 3.4.1.7
ftp://service.software.ibm.com/printers/products/workbench/windows/ser vice/gnsp32dm.exe
IBM AFP Viewer 3.2.1 .1
-
IBM AFP Viewer Current Version 3.4.1.7
ftp://service.software.ibm.com/printers/products/workbench/windows/ser vice/gnsp32dm.exe
References
IBM AFP Viewer Plugin 'SRC' Property Heap Based Buffer Overflow Vulnerability
References:
References: