Summary
This host is installed with Ghostscript and is prone to Buffer Overflow Vulnerability.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the affected application and can cause denial of service.
Impact Level: System/Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
These flaws are due to,
- Boundary error in the 'parser()' which allows the attackers to execute arbitrary code via a crafted PostScript file.
- Buffer overflow and memory corruption errors when processing a recursive procedure invocations, which could be exploited to crash an affected application or execute arbitrary code.
Affected
Ghostscript version 8.70 and 8.64 on Windows.
References
Severity
Classification
-
CVE CVE-2010-1628, CVE-2010-1869 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
- CCProxy CONNECTION Request Buffer Overflow Vulnerability
- BigAntSoft BigAnt IM Message Server Multiple Vulnerabilities
- Buffer Overflow Vulnerability in Adobe Reader (Linux)
- Adobe Reader '/Registry' and '/Ordering' Buffer Overflow Vulnerability (Win)