CVE-2009-4902

Name of the Vulnerable Software and Affected Versions MUSCLE PCSC-Lite versions 1.5.4 and earlier

Description A buffer overflow issue exists in the MSGFunctionDemarshall function in winscard svc.c, which is part of the PC/SC Smart Card daemon. This could allow local users to gain privileges by sending crafted SCARD CONTROL message data that is not properly demarshalled.

Recommendations For MUSCLE PCSC-Lite versions 1.5.4 and earlier, consider restricting access to the MSGFunctionDemarshall function until a proper fix is applied. As a temporary workaround, avoid using the SCARD CONTROL message with crafted data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.