Mandriva Linux Security Advisory 2010-189 - The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407. Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted this vulnerability exists because of an incorrect fix for CVE-2010-0407. Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.
ca04b9d82ecaa1a57c63c9c0250bdc8f52c49227e19296782cb07fa29de4139f