Secunia Security Advisory - Collin Mulliner and Prof. Giovanni Vigna have reported some vulnerabilities in ArcSoft MMS Composer, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
a5529f13d059f1ea53007a076a7b58886338d3d532d08f66c074097d4e4e42dc
----------------------------------------------------------------------
Hardcore Disassembler / Reverse Engineer Wanted!
Want to work with IDA and BinDiff?
Want to write PoC's and Exploits?
Your nationality is not important.
We will get you a work permit, find an apartment, and offer a
relocation compensation package.
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
ArcSoft MMS Composer Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID:
SA21426
VERIFY ADVISORY:
http://secunia.com/advisories/21426/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
ArcSoft MMS Composer 2.x
http://secunia.com/product/11340/
ArcSoft MMS Composer 1.x
http://secunia.com/product/11339/
DESCRIPTION:
Collin Mulliner and Prof. Giovanni Vigna have reported some
vulnerabilities in ArcSoft MMS Composer, which can be exploited by
malicious people to cause a DoS (Denial of Service) or compromise a
user's system.
The vulnerabilities are caused due to various boundary errors in the
processing of MMS (Multimedia Messaging Service) messages in the
M-Notification.ind, M-Retrieve.conf, and SMIL parsers. This can be
exploited to cause a stack-based buffer overflow by e.g. tricking a
user into viewing a specially crafted MMS message or by sending a
malicious message through a wireless connection via port 2948/udp.
Successful exploitation causes a crash or allows execution of
arbitrary code.
It has also been reported that it is possible to send multiple
messages to an affected device through a wireless connection via
WAPPush via port 2948/udp.
The vulnerabilities have been reported in versions 1.5.5.6 and
2.0.0.13. Other versions may also be affected.
SOLUTION:
Do not open MMS messages from untrusted sources and connect to
trusted wireless networks only.
PROVIDED AND/OR DISCOVERED BY:
Collin Mulliner and Prof. Giovanni Vigna.
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048614.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------