 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2009-0323 |
| Description: | Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.63357 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-0323 Bugtraq: 20090128 CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/500492/100/0/threaded https://www.exploit-db.com/exploits/7902 http://www.coresecurity.com/content/amaya-buffer-overflows XForce ISS Database: amaya-html-tags-bo(48325) https://exchange.xforce.ibmcloud.com/vulnerabilities/48325 |