Expat allows context-dependent malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Vulnerable Product |
---|
mozilla firefox |
apple mac os x |
suse linux enterprise server 11 |
suse studio onsite 1.3 |
suse linux enterprise software development kit 11 |
suse linux enterprise debuginfo 11 |
opensuse leap 42.1 |
suse linux enterprise software development kit 12 |
suse linux enterprise server 12 |
suse linux enterprise desktop 12 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 14.04 |
libexpat project libexpat |
debian debian linux 8.0 |
opensuse opensuse 13.1 |
opensuse opensuse 13.2 |
mcafee policy auditor |
python python |
Get patching – fix available now
Bored hacker looking for fun? We couldn't possibly suggest you attack the latest vulnerability in ESET's antivirus software, because it's too basic to offer any challenge at all. As outlined in this advisory today, all you need to get root-level remote code execution on a Mac is to intercept the ESET antivirus package's connection to its backend servers, put yourself in as a man-in-the-middle, and exploit an XML library hole. Or, to use the technically correct language of Google Security Team's ...