Update: Clients buffer-overflow in Live for Speed 0.5X10

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Update: Clients buffer-overflow in Live for Speed 0.5X10
From: Luigi Auriemma <aluigi@xxxxxxxxxxxxx>
Date: Mon, 24 Dec 2007 18:22:17 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

New patch, old bug.

The Y patch has been released a couple of days ago but the lfscbof
buffer-overflow vulnerability is still there, so any player can crash the
others using the same old proof-of-concept I released two months and
half ago:

  http://aluigi.org/adv/lfscbof-adv.txt
  http://www.youtube.com/watch?v=jZea65fOhPY


--- 
Luigi Auriemma
http://aluigi.org

Prev by Date: SimpleForum <= 4.6.2 - Cross-Site Scripting Vulnerability
Next by Date: Buffer-overflow and format string in VideoLAN VLC 0.8.6d
Previous by thread: SimpleForum <= 4.6.2 - Cross-Site Scripting Vulnerability
Next by thread: Buffer-overflow and format string in VideoLAN VLC 0.8.6d
Index(es):
- Date
- Thread