Mah-Jong Client/Server Remote sscanf() Buffer Overflow Vulnerability

A remote buffer overflow vulnerability in calls to the sscanf() function has been reported to affect the mah-jong game client and server programs. The issue occurs in separate source files, but the code used by both programs is identical. Note that the bug must be triggered using different options depending on whether the target is a client or a server.

This vulnerability can be exploited to execute arbitrary code with the privileges of the target client or server application.
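The defect class described above, shown as an added example rather than code from mah-jong or from this advisory: an `sscanf()` string conversion with no field width writes past a fixed buffer when a peer sends an over-long token. The `Connect <id> <name>` message format, `parse_connect()` and `PLAYER_NAME_LEN` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PLAYER_NAME_LEN 31   /* hypothetical limit; must match the %31s width below */

/* Unsafe pattern, for contrast only (not compiled):
 *     char name[32];
 *     sscanf(line, "Connect %d %s", &id, name);
 * "%s" has no width, so a long token from the network overruns name[].
 */

/* Parse one constructed "Connect <id> <name>" protocol line.
 * Returns 0 on success, -1 if the line is malformed, the name is longer
 * than PLAYER_NAME_LEN, or unexpected data follows the name. */
int parse_connect(const char *line, int *id, char name[PLAYER_NAME_LEN + 1])
{
    int consumed = 0;

    /* %31s stores at most 31 characters plus the terminating NUL.
     * %n records how many input characters were consumed so far and
     * is not counted in the return value. */
    if (sscanf(line, "Connect %d %31s%n", id, name, &consumed) != 2)
        return -1;

    /* Only trailing whitespace may remain. Leftover characters mean the
     * name was truncated by the width or extra fields were appended:
     * reject instead of silently accepting a shortened value. */
    if (line[consumed + strspn(line + consumed, " \t\r\n")] != '\0')
        return -1;

    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = {
        "Connect 7 alice\n",
        "Connect 8 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n",
        "Connect x bob\n",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int id = 0;
        char name[PLAYER_NAME_LEN + 1] = "";
        int rc = parse_connect(samples[i], &id, name);
        printf("line %zu: %s\n", i, rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Compiling with `-Wall -Wformat-overflow` (GCC) and testing under AddressSanitizer helps find remaining unbounded `%s` and `%[` conversions in a code base.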


Copyright 2010, SecurityFocus