Full Disclosure mailing list archives
Re: [CVE-2013-6356] Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability
From: Jann Horn <jann () thejh net>
Date: Sun, 17 Nov 2013 16:12:26 +0100
On Sat, Nov 16, 2013 at 03:23:07PM +0100, Julien Ahrens wrote:
A buffer overflow vulnerability has been identified in Avira Secure Backup v1.0.0.1 Build 3616.
An attacker needs to force the victim to import an arbitrary .reg file in order to exploit the vulnerability.
Could you please elaborate on why this is a "vulnerability"? If I can convince someone to import random registry files, can't I just add some autorun entry or whatever?
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [CVE-2013-6356] Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability Julien Ahrens (Nov 16)
- Re: [CVE-2013-6356] Avira Secure Backup v1.0.0.1 Multiple Registry Key Value Parsing Local Buffer Overflow Vulnerability Jann Horn (Nov 17)