[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution
From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo@xxxxxxxxxxxxxxxxx>
Date: Tue, 08 Feb 2011 19:12:38 -0200

Dear List,

So finally all the vendors fixed this critical issue (remote code
execution).

As usual, here it goes the PoC to help in the exploitation.  It works
against all the affected vendors, so just adjust your payload and have fun!

http://www.kernelhacking.com/rodrigo/exploits/cmsd_cve2010-4435.c



Regards,


Rodrigo (BSDaemon).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)
Next by Date: [Full-disclosure] ZDI-11-065: Adobe Reader Controlled memset Remote Code Execution Vulnerability
Previous by thread: Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)
Next by thread: [Full-disclosure] ZDI-11-065: Adobe Reader Controlled memset Remote Code Execution Vulnerability
Index(es):
- Date
- Thread