Full Disclosure mailing list archives

Re: PowerDVD <= 4.0 local exploit

From: Bernhard Mueller <research () sec-consult com>
Date: Fri, 05 Aug 2005 20:22:24 +0200

edward GAGNON wrote:

int main(int argc, char *argv[])
{

char cmd[500];

[...]

path = argv[1];

sprintf(cmd, "%s ", path);


classical stack overflow ;)

-- 
_____________________________________________________

~  DI (FH) Bernhard Mueller
~  IT Security Consultant

~  SEC-Consult Unternehmensberatung GmbH
~  www.sec-consult.com

~  A-1080 Wien  Blindengasse 3
~  Tel:   +43/676/840301718
~  Fax:   +43/(0)1/4090307-590
______________________________________________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

PowerDVD <= 4.0 local exploit edward GAGNON (Aug 05)
- Re: PowerDVD <= 4.0 local exploit Bernhard Mueller (Aug 05)