Re: WildTangent Web Driver Long FileName Stack Overflow

[Cesar <cesarc56 () yahoo com>]

Hi.

Just to mention that i found this long time ago, this
overflows were mentioned as an example on my talk at
Black Hat Windows 2004 about ActiveX:
http://www.blackhat.com/presentations/win-usa-04/bh-win-04-cerrudo/bh-win-04-cerrudo.pdf

Here in the examples you can see the reference to it
on file WTHoster Class.html:
http://www.blackhat.com/presentations/win-usa-04/bh-win-04-cerrudo/bh-win-04-cerrudo-examples.zip


Cesar.
--- NGSSoftware Insight Security Research
<nisr () ngssoftware com> wrote:
> NGSSoftware Insight Security Research Advisory
>
> Name: WildTangent Web Driver Long FileName Stack
> Overflow
> Systems Affected: WildTangent Web Driver 4.0
> (earlier versions not tested)
> Severity: High
> Vendor URL: http://www.wildtangent.com
> Author: Peter Winter-Smith [ peter () ngssoftware com ]
> Date Vendor Notified:    31th March 2004
> Date of Public Advisory: 27th May 2004
> Advisory number: #NISR27052004
> Advisory URL:
http://www.ngssoftware.com/advisories/wildtangent.txt
> Description
> ***********
>
> WildTangent provide high quality interactive media
> technology to the
> Internet in the form of their WebDriver. This is
> used by some of the
> largest companies and corporations world-wide to
> provide advanced media
> content to over 80 million users of their Internet
> plug-in.
>
>
> Details
> *******
>
> It is possible to cause a number of buffer overruns
> within the WildTangent
> package, namely within the WTHoster and WebDriver
> modules, via any method



        
                
__________________________________
Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/