QuickCam linux device driver allows arbitrary code execution Dec 29 2006 03:20PM
sapheal hack pl
Synopsis: QuickCam linux device driver arbitrary code execution
Product: QuickCam
Version: <=1.0.9


A critical security vulnerability has been found in QuickCam
initialization function (qcamvc_video_init) of the protytype:

static void qcamvc_video_init(struct qcamvc *qcamvc)

The memory corruption conditions might lead to arbitrary code

Affected Versions

OpenSER <= 1.0.9


Proper boundary checking.


Exploitation might be performed by the use of specially
crafted QuickCam object.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus