| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | QuickCam linux device driver allows arbitrary code execution |
| From: | sapheal@hack.pl |
| Date: | Fri, 29 Dec 2006 16:20:19 +0100 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
Synopsis: QuickCam linux device driver arbitrary code execution Product: QuickCam Version: <=1.0.9 Issue/Details: ======== A critical security vulnerability has been found in QuickCam initialization function (qcamvc_video_init) of the protytype: static void qcamvc_video_init(struct qcamvc *qcamvc) The memory corruption conditions might lead to arbitrary code execution. Affected Versions ================= OpenSER <= 1.0.9 Solution ========= Proper boundary checking. Exploitation ============ Exploitation might be performed by the use of specially crafted QuickCam object. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | XSS in script Mobilelib GOLD v2, gamr-14 |
|---|---|
| Next by Date: | LDU <= 8.x (journal.php) SQL Injection Vulnerability, starext |
| Previous by Thread: | XSS in script Mobilelib GOLD v2, gamr-14 |
| Next by Thread: | LDU <= 8.x (journal.php) SQL Injection Vulnerability, starext |
| Indexes: | [Date] [Thread] [Top] [All Lists] |