• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

IBM AFP Viewer Plugin 'SRC' Property Heap Based Buffer Overflow Vulnerability

The IBM AFP Viewer plugin is prone to a heap-based buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input in malicious AFP files.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected software, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in crashes.

IBM AFP Viewer 2.0.7.1 and 3.2.1.1 are vulnerable; other versions may also be affected.