OSVDB ID: 58649

Title: Alleycode HTML Editor Meta Content Optimizer Multiple HTML Tag Handling Overflows

Info

Disclosure

Oct 05, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Multiple remote overflow exists in Alleycode HTML Editor. Alleycode HTML Editor fails to properly parse the title, meta description and meta keywords HTML tags resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Konae Technologies, Inc.

Alleycode HTML Editor

2.21

References

CVE ID: 2009-3708 (see also: NVD) 2009-3709 (see also: NVD)
Secunia Advisory ID: 36940
Exploit Database: 9866 9991
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2009-10/0032.html
Other Advisory URL: http://packetstormsecurity.org/0910-exploits/alleycode-overflow.txt
Vendor URL: http://www.alleycode.com/download.htm

Credit

Rafael Sousa -
Anonymous (via Secunia) -

Direct URL: http://osvdb.org/58649