Summary
This host is installed with Ghostscript and is prone to Buffer Overflow Vulnerability.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the affected application and can cause denial of service.
Impact Level: System/Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
These flaws are due to,
- Boundary error in the 'parser()' which allows the attackers to execute arbitrary code via a crafted PostScript file.
- Buffer overflow and memory corruption errors when processing a recursive procedure invocations, which could be exploited to crash an affected application or execute arbitrary code.
Affected
Ghostscript version 8.70 and 8.64 on Windows.
References
Severity
Classification
-
CVE CVE-2010-1628, CVE-2010-1869 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities
- Adobe Air Buffer Overflow Vulnerability (Mac OS X)
- Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Win)
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)
- Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Linux)