← back
CVE-2009-0323

CVE-2009-0323

EPSS 62.5%
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/7902unverifiedexploitdbwww.exploit-db.com/exploits/16548unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/48325https://www.exploit-db.com/exploits/7902http://www.coresecurity.com/content/amaya-buffer-overflowshttp://www.securityfocus.com/archive/1/500492/100/0/threaded