CVE-2010-0407

Name of the Vulnerable Software and Affected Versions PCSC-Lite versions prior to 1.5.4

Description The issue is related to multiple buffer overflows in the MSGFunctionDemarshall function in winscard svc.c in the PC/SC Smart Card daemon. This can allow local users to gain privileges via crafted message data, which is improperly demarshalled. The vulnerability may lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 1.5.4, update to version 1.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the PC/SC Smart Card daemon to minimize the risk of exploitation.