Opera Web Browser 'dtoa()' Remote Code Execution Vulnerability
July 21, 2015
Severity: Medium
CVE Identifier: CVE-2009-0689
Overview
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Trend Micro Solution
Apply associated Trend Micro DPI Rules.
Remediation
Trend Micro Deep Security DPI Rule Number: 1003908
Trend Micro Deep Security DPI Rule Name: 1003908 - Opera Web Browser 'dtoa()' Remote Code Execution Vulnerability
Affected Software
- FreeBSD FreeBSD 6.4
- FreeBSD FreeBSD 7.2
- K-Meleon Project K-Meleon 1.5.3
- Mozilla Firefox 3.0.1
- Mozilla Firefox 3.0.10
- Mozilla Firefox 3.0.11
- Mozilla Firefox 3.0.12
- Mozilla Firefox 3.0.13
- Mozilla Firefox 3.0.14
- Mozilla Firefox 3.0.2
- Mozilla Firefox 3.0.3
- Mozilla Firefox 3.0.4
- Mozilla Firefox 3.0.5
- Mozilla Firefox 3.0.6
- Mozilla Firefox 3.0.7
- Mozilla Firefox 3.0.8
- Mozilla Firefox 3.0.9
- Mozilla Firefox 3.5
- Mozilla Firefox 3.5.1
- Mozilla Firefox 3.5.2
- Mozilla Firefox 3.5.3
- Mozilla Seamonkey 1.1.8
- NetBSD NetBSD 5.0
- OpenBSD OpenBSD 4.5