Vulnerabilities > CVE-2008-0070 - Numeric Errors vulnerability in ORB Networks ORB 2.0.1014
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 28431 CVE(CAN) ID: CVE-2008-0070 Orb是用于提供MyCast功能的应用,MyCasting允许用户通过PC或其他internet连接设备访问相片、音乐、视频等数字内容。 Orb在处理RPC请求中所接收到的变量类型数组中维度数时存在整数溢出漏洞,如果用户在提交的请求中执行了超大的数组维度的话,就可能触发堆溢出,导致执行任意指令。 Orb Networks Orb 2.00.1014 Orb Networks ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.orbnetworks.com/ target=_blank>http://www.orbnetworks.com/</a> |
| id | SSV:3099 |
| last seen | 2017-11-19 |
| modified | 2008-03-27 |
| published | 2008-03-27 |
| reporter | Root |
| title | Orb Networks Orb RPC请求远程整数溢出漏洞 |