• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Web Browser BMP Partial Palette Information Disclosure and Denial Of Service Vulnerability

Bugtraq ID:	27826
Class:	Design Error
CVE:	CVE-2008-0420
Remote:	Yes
Local:	No
Published:	Feb 16 2008 12:00AM
Updated:	Jun 11 2008 04:52PM
Credit:	Gynvael Coldwind, Hispasec and Team Vexillium is credited with the discovery of this vulnerability.
Vulnerable:	Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Sun Solaris 10_x86 Sun Solaris 10 RedHat Fedora 8 0 RedHat Fedora 7 0 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 Opera Software Opera Web Browser 9.50 beta Mozilla Thunderbird 2.0 8 Mozilla Thunderbird 2.0 .9 Mozilla Thunderbird 2.0 .6 Mozilla Thunderbird 2.0 .5 Mozilla Thunderbird 2.0 .4 Mozilla Thunderbird 1.5 beta 2 Mozilla Thunderbird 1.5 14 Mozilla Thunderbird 1.5 12 Mozilla Thunderbird 1.5 .9 Mozilla Thunderbird 1.5 .13 Mozilla Thunderbird 1.5 Mozilla Thunderbird 1.5.0.8 Mozilla Thunderbird 1.5.0.7 Mozilla Thunderbird 1.5.0.5 Mozilla Thunderbird 1.5.0.4 Mozilla Thunderbird 1.5.0.2 Mozilla Thunderbird 1.5.0.10 Mozilla Thunderbird 1.5.0.1 Mozilla SeaMonkey 1.1.7 Mozilla SeaMonkey 1.1.6 Mozilla SeaMonkey 1.1.5 Mozilla SeaMonkey 1.1.4 Mozilla SeaMonkey 1.1.3 Mozilla SeaMonkey 1.1.2 Mozilla SeaMonkey 1.1.1 Mozilla SeaMonkey 1.0.99 Mozilla SeaMonkey 1.0.9 Mozilla SeaMonkey 1.0.8 Mozilla SeaMonkey 1.0.7 Mozilla SeaMonkey 1.0.6 Mozilla SeaMonkey 1.0.5 Mozilla SeaMonkey 1.0.3 Mozilla SeaMonkey 1.0.2 Mozilla SeaMonkey 1.0.1 Mozilla SeaMonkey 1.1 beta Mozilla SeaMonkey 1.0 dev Mozilla SeaMonkey 1.0 Mozilla Firefox 2.0 8 Mozilla Firefox 2.0 .9 Mozilla Firefox 2.0 .7 Mozilla Firefox 2.0 .6 Mozilla Firefox 2.0 .5 Mozilla Firefox 2.0 .4 Mozilla Firefox 2.0 .3 Mozilla Firefox 2.0 .1 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0.0.11 Mozilla Firefox 2.0.0.10 Gentoo Linux
Not Vulnerable:	Opera Software Opera Web Browser 9.25 Opera Software Opera Web Browser 9.24 Mozilla Thunderbird 2.0 .12 Mozilla SeaMonkey 1.1.8 Mozilla Firefox 2.0.0.12