Bugtraq mailing list archives
QuickCam linux device driver allows arbitrary code execution
From: sapheal () hack pl
Date: Fri, 29 Dec 2006 16:20:19 +0100
Synopsis: QuickCam linux device driver arbitrary code execution Product: QuickCam Version: <=1.0.9 Issue/Details: ======== A critical security vulnerability has been found in QuickCam initialization function (qcamvc_video_init) of the protytype: static void qcamvc_video_init(struct qcamvc *qcamvc) The memory corruption conditions might lead to arbitrary code execution. Affected Versions ================= OpenSER <= 1.0.9 Solution ========= Proper boundary checking. Exploitation ============ Exploitation might be performed by the use of specially crafted QuickCam object.
Current thread:
- QuickCam linux device driver allows arbitrary code execution sapheal (Dec 29)