Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)

To: svrt <svrt@xxxxxxxxxxx>
Subject: Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)
From: Eygene Ryabinkin <rea-sec@xxxxxxxxxxx>
Date: Tue, 25 Nov 2008 13:51:20 +0300
Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender; b=TQwOA4CYNwe7e8yOSn8jfS4p28h5jPbv81UlCwKRElJaSY3FOdKdY68MFwGtK/+qj7AbHTqvkbUc67oijj8kqyNS82dG5KnG+jtkcesMseWJHS1zTxObRr4ac7p+h5OlOsM+60+x4EUibrFn0yDebkuQtg56szLYP99MdZVnpCk=;
In-reply-to: <32C9A90BAE9C40ABA85B7B889C2AFEB0@SVRTBkis>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <32C9A90BAE9C40ABA85B7B889C2AFEB0@SVRTBkis>
Sender: rea-sec@xxxxxxxxxxx

Good day.

Mon, Nov 24, 2008 at 03:17:05PM +0700, svrt wrote:
> In Oct 2008, SVRT-Bkis has detected a serious buffer overflow vulnerability
> in ffdshow which affects all available internet browsers.
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Really?  And links, elinks, lynx, dillo and others are affected too?
What about my Firefox that (I assume) has no ffdshow code inside it and
there are no ffdshow-related plugins coupled to it?  Is it vulnerable?

I am really appreciate that you're searching for the issues and
releasing advisories -- thanks for doing this!  But, please, use the
appropriate wording, or your advisories will lead to controversial
feelings.

Sorry for being a bit bluffy :(
-- 
Eygene

References:
- [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)
  - From: svrt

Prev by Date: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
Next by Date: Re: Re: OpenSSH security advisory: cbc.adv
Previous by thread: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)
Next by thread: Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)
Index(es):
- Date
- Thread