---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: ArcSoft MMS Composer Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA21426 VERIFY ADVISORY: http://secunia.com/advisories/21426/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: ArcSoft MMS Composer 2.x http://secunia.com/product/11340/ ArcSoft MMS Composer 1.x http://secunia.com/product/11339/ DESCRIPTION: Collin Mulliner and Prof. Giovanni Vigna have reported some vulnerabilities in ArcSoft MMS Composer, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system. The vulnerabilities are caused due to various boundary errors in the processing of MMS (Multimedia Messaging Service) messages in the M-Notification.ind, M-Retrieve.conf, and SMIL parsers. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into viewing a specially crafted MMS message or by sending a malicious message through a wireless connection via port 2948/udp. Successful exploitation causes a crash or allows execution of arbitrary code. It has also been reported that it is possible to send multiple messages to an affected device through a wireless connection via WAPPush via port 2948/udp. The vulnerabilities have been reported in versions 1.5.5.6 and 2.0.0.13. Other versions may also be affected. SOLUTION: Do not open MMS messages from untrusted sources and connect to trusted wireless networks only. PROVIDED AND/OR DISCOVERED BY: Collin Mulliner and Prof. Giovanni Vigna. ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048614.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------