
Amaya 9.4 stack based buffer overflow vulnerability



Stack Based Buffer Overflow Vulnerability in Amaya 9.4



-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

 ---------------------------------------------------
| BuHa Security-Advisory #10    |    Apr 12th, 2006 |
 ---------------------------------------------------
| Vendor   | W3C's Amaya                            |
| URL      | http://www.w3.org/Amaya/               |
| Version  | <= 9.4                                 |
| Risk     | Critical (Remote Code Execution)       |
 ---------------------------------------------------

o Description:
============
The current release, Amaya 9.5, is available for Linux, Windows and
now MacOS X (see screenshot). It supports HTML 4.01, XHTML 1.0, XHTML
Basic, XHTML 1.1, HTTP 1.1, MathML 2.0, many CSS 2 features, and
includes SVG support (transformation, transparency, and SMIL animation).

See the "Amaya Overview" page [1] for more details.

o Stack overflow:
===============
Both of the code snippets posted below (in fact there are dozens
of possible snippets, but all of them trigger the same bug) force
Amaya 9.4 to crash:
> 
>  [...]
>