Summary
This host has Tor installed and is prone to a heap-based buffer overflow vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
Impact level: Application
Solution
Upgrade to version 0.2.1.28 or 0.2.2.20-alpha or later: http://www.torproject.org/download/download.html.en
Insight
The issue is caused by an unknown heap overflow error when processing user-supplied data, which can be exploited to cause a heap-based buffer overflow.
Affected
Tor versions prior to 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha on Windows.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-1676
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability
- Adobe PageMaker Font Structure Multiple BOF Vulnerabilities
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
- Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
- ClamAV 'find_stream_bounds()' function Buffer Overflow Vulnerability