Opera Web Browser 'dtoa()' Remote Code Execution Vulnerability
Publish date: 21 July 2015
Severity: Medium
CVE identifier(s): CVE-2009-0689
Advisory date: 21 July 2015
Description
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Protection information
Apply associated Trend Micro DPI Rules.
Solution
Trend Micro Deep Security DPI Rule Number: 1003908
Trend Micro Deep Security DPI Rule Name: 1003908 - Opera Web Browser 'dtoa()' Remote Code Execution Vulnerability
Affected software and version:
- FreeBSD FreeBSD 6.4
- FreeBSD FreeBSD 7.2
- K-Meleon Project K-Meleon 1.5.3
- Mozilla Firefox 3.0.1
- Mozilla Firefox 3.0.10
- Mozilla Firefox 3.0.11
- Mozilla Firefox 3.0.12
- Mozilla Firefox 3.0.13
- Mozilla Firefox 3.0.14
- Mozilla Firefox 3.0.2
- Mozilla Firefox 3.0.3
- Mozilla Firefox 3.0.4
- Mozilla Firefox 3.0.5
- Mozilla Firefox 3.0.6
- Mozilla Firefox 3.0.7
- Mozilla Firefox 3.0.8
- Mozilla Firefox 3.0.9
- Mozilla Firefox 3.5
- Mozilla Firefox 3.5.1
- Mozilla Firefox 3.5.2
- Mozilla Firefox 3.5.3
- Mozilla Seamonkey 1.1.8
- NetBSD NetBSD 5.0
- OpenBSD OpenBSD 4.5