[VIM] CVE-2009-2533
Carsten H. Eiram
che at secunia.com
Wed Jul 29 08:33:55 UTC 2009

When analysing this vulnerability we noticed that the NULL pointer
dereference error does not actually occur because the
"DataConvertBuffer" property is empty, but instead because the provided
PoC includes a "DataConvertBuffer" property, but no "Content-Length"
header.

Any SET_PARAMETER request containing a "DataConvertBuffer" property (not
necessarily empty) and either no "Content-Length" header or an invalid
one triggers the NULL pointer dereference error.

Our advisory, SA35815, contains a bit more information.

--
Med venlig hilsen / Kind regards
Carsten H. Eiram
Chief Security Specialist
Secunia
Weidekampsgade 14 A
DK-2300 Copenhagen S
Denmark
Phone +45 7020 5144
Fax +45 7020 5145
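
The trigger condition described in the message above, expressed as a detection check over raw RTSP requests. This is an added example, not part of the original post or of advisory SA35815; the function names, the constructed sample requests, matching the property name anywhere in the request, and treating "invalid" as anything other than a single non-negative integer are assumptions.

```python
import re

# Assumption: the property may sit in a header or in the body, so match it anywhere.
PROPERTY = re.compile(rb"DataConvertBuffer", re.IGNORECASE)

def parse_rtsp_request(raw: bytes):
    """Split a raw RTSP request into (method, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0].decode("ascii", "replace").upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:  # keep every occurrence so duplicated headers are visible
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, headers, body

def content_length_problem(headers):
    """Return None for one non-negative integer value, else 'missing' or 'invalid'."""
    values = headers.get(b"content-length")
    if not values:
        return "missing"
    # Assumption: duplicates, empty, signed or non-numeric values count as invalid.
    if len(values) > 1 or not re.fullmatch(rb"[0-9]+", values[0]):
        return "invalid"
    return None

def flag_request(raw: bytes):
    """Return a finding for the condition in the message, or None if it does not apply."""
    method, headers, _ = parse_rtsp_request(raw)
    if method != "SET_PARAMETER" or not PROPERTY.search(raw):
        return None
    problem = content_length_problem(headers)
    if problem is None:
        return None
    return f"SET_PARAMETER with DataConvertBuffer and {problem} Content-Length"

# Constructed sample requests (not captured traffic); media.example is a placeholder.
LINE = b"SET_PARAMETER rtsp://media.example/ RTSP/1.0\r\nCSeq: 1\r\n"
SAMPLES = {
    "no_length": LINE + b"DataConvertBuffer: x\r\n\r\n",
    "bad_length": LINE + b"Content-Length: abc\r\n\r\nDataConvertBuffer: x\r\n",
    "valid": LINE + b"Content-Length: 22\r\n\r\nDataConvertBuffer: x\r\n",
    "other_method": b"OPTIONS rtsp://media.example/ RTSP/1.0\r\nCSeq: 1\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {flag_request(raw)}")
```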