
Forum Thread: Immunity Debugger HTTP Response Processing Buffer Overflow Vulner...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Immunity Debugger HTTP Response Processing Buffer Overflow Vulnerability

Secunia Immunity Debugger HTTP Response Processing Buffer Overflow Vulnerability
Secunia Official 28th Mar, 2011 06:02
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
NGS Secure Research has reported a vulnerability in Immunity Debugger, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a boundary error when processing certain HTTP responses from a vendor's server. This can be exploited to cause a heap-based buffer overflow via a specially crafted response containing an overly long string.

Successful exploitation may allow execution of arbitrary code, but requires manipulating response traffic via a Man-in-the-Middle (MitM) attack.

The vulnerability is reported in version 1.73. Other versions may also be affected.

Xaemyl RE: Immunity Debugger HTTP Response Processing Buffer Overflow Vulnerability
Member 28th Mar, 2011 06:02
Score: 10
Posts: 2
User Since: 7th Jul 2008
System Score: 100%
Location: US
Last edited on 28th Mar, 2011 06:02
I have updated to the latest version; however, PSI still detects it as the earlier version. Anyone else have this problem?
Anthony Wells RE: Immunity Debugger HTTP Response Processing Buffer Overflow Vulnerability
Expert Contributor 28th Mar, 2011 13:44
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello @Xaemyl,

You may not be aware that the comments section under any Secunia Advisory is for technical discussion of the SA itself and the vulnerabilities; your posting creates a thread in the "vulnerabilities" sub-Forum, but it is still limited to technical input regarding the specific SA.

Your problems are with the PSI itself and not relevant to the SA itself; you need to create your own thread using a/the links in the column on the left hand side of this Forum page.

Take care

Anthony

--


It always seems impossible until it's done.
Nelson Mandela

