We have received reports that several vulnerabilities have been discovered in XML library implementations when parsing XML data. These vulnerabilities were reported by Codenomicon Labs to CERT-FI which has been the main contact point with vendors to coordinate the remediation of these vulnerabilities. According to the CERT-FI advisory, if the application remains unpatched, the program can access memory out of bounds or can loop indefinitely leading to a denial of service and potentially code execution.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
Teaching Comprehensive Packet Analysis in Ottawa, ON this coming September
Aug 8th 2009
8 years ago