PT-2012-2948 · Renren · Renren Talk
Publicado
2012-01-24
·
Atualizado
2012-01-25
·
CVE-2012-0916
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
RenRen Talk version 2.9
Description
A heap-based buffer overflow issue allows remote attackers to execute arbitrary code via a crafted image in a chat message. This can be achieved by sending a specially crafted PNG file.
Recommendations
For RenRen Talk version 2.9, consider avoiding the use of image files in chat messages until a patch is available. As a temporary workaround, restrict the ability to send or receive images in chat messages to minimize the risk of exploitation.
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Renren Talk