LibPNG Graphics Library Multiple Remote Vulnerabilities

The following exploit has been made available; it is designed to cause an affected application to crash:

http://scary.beasts.org/misc/pngtest_bad.png

An additional exploit is available. Furthermore, an exploit designed to leverage this issue against Microsoft's MSN Messenger (msnMessengerPNGexploit.c) has been made available.

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.


 

Privacy Statement
Copyright 2010, SecurityFocus