Mobipocket Reader '.CHM' File Remote Stack Buffer Overflow Vulnerability

Bugtraq ID:	53200
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 23 2012 12:00AM
Updated:	Mar 19 2015 08:49AM
Credit:	Shinnai
Vulnerable:	Amazon.com Mobipocket Reader 6.2 Build 608
Not Vulnerable:

Mobipocket Reader '.CHM' File Remote Stack Buffer Overflow Vulnerability

Mobipocket Reader is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Mobipocket Reader 6.2 Build 608 is vulnerable; other versions may also be affected.

Mobipocket Reader '.CHM' File Remote Stack Buffer Overflow Vulnerability

An attacker must entice an unsuspecting victim into opening a malicious file.

Mobipocket Reader '.CHM' File Remote Stack Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Mobipocket Reader '.CHM' File Remote Stack Buffer Overflow Vulnerability

References:

• Mobipocket Reader Homepage (Amazon)
  
• Mobipocket Reader version 6.2 Build 608 Buffer Overflow (shinnai)
  
• Mobipocket Reader version 6.2 Build 608 Buffer Overflow (Carlo Di Dato)