CVE-2007-0653

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2007-0653 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Sven Krewitt, Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2007-47/

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2007-0653

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* xmms version 1.2.10 (Linux)

1) An integer underflow error exists in the processing of skin bitmap images. This can be exploited to cause a stack-based buffer overflow via specially crafted skin images containing manipulated header information.

Successful exploitation allows execution of arbitrary code.

CVE Information:
CVE-2007-0653

2) An integer overflow error exists in the processing of skin bitmap images. This can be exploited to cause memory corruption via specially crafted skin images containing manipulated header information.

Successful exploitation may allow the execution of arbitrary code.

CVE Information:
CVE-2007-0653

Solution:
Do not install skins from untrusted sources.

Time Table:
06/02/2007 - Vendor notified (Red Hat and the vendor-sec list).
06/02/2007 - Vendor response.
21/03/2007 - Public disclosure.

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus