
SecPod ID: 10181

ooVoo URI Handler Remote Stack Based BOF Vulnerability

Status: Public Report

Release Date: 11-14-2008

Severity: High

CVSS Base Score: 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)

CVSS Temporal Score = 8.4

Affected Software/OS/Device:

ooVoo ooVoo versions 1.7.1.57 and prior

Impact Level: Application

 

SecPod Nessus Plugin ID: 900177

Snort ID:

Vulnerability Insight:

 

Overview:

ooVoo is prone to a remote stack-based buffer overflow vulnerability.

 

Description:

The issue is caused by an error in ap_proxy_http_process_response(). The flaw is due to a boundary error in the "URI" handling of command line arguments. This can be exploited to cause a stack buffer overflow.

 

Impact:

Successful exploitation will allow execution of arbitrary code, or denial of service.

 

CVSS Score Report:    

    ACCESS_VECTOR = NETWORK
    ACCESS_COMPLEXITY = MEDIUM
    AUTHENTICATION = NOT_REQUIRED
    CONFIDENTIALITY_IMPACT = COMPLETE
    INTEGRITY_IMPACT = COMPLETE
    AVAILABILITY_IMPACT = COMPLETE
    EXPLOITABILITY = PROOF_OF_CONCEPT
    REMEDIATION_LEVEL = UNAVAILABLE
    REPORT_CONFIDENCE = CONFIRMED


    CVSS Base Score = 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
    CVSS Temporal Score = 8.4

Fix:

No solution/patch is available as of 13th November, 2008.


 

References:

http://milw0rm.com/exploits/7090

http://secunia.com/advisories/32698

http://www.securityfocus.com/bid/32251

 

 
