Summary
This host has Tor installed and is prone to a heap-based buffer overflow vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
Impact level: Application
Solution
Upgrade to version 0.2.1.28, 0.2.2.20-alpha, or later: http://www.torproject.org/download/download.html.en
Insight
The issue is caused by an unspecified error when processing user-supplied data, which can be exploited to cause a heap-based buffer overflow.
Affected
Tor versions prior to 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha on Windows.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-1676
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities
- Anzio Web Print Object ActiveX Control Remote BOF Vulnerability
- Apple Safari 'CSS' Buffer Overflow Vulnerability (Win) - Dec09
- Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability