Friday, June 1, 2012

HTB23063: Sony VAIO Wireless Manager 2 Buffer Overflows

Wireless Manager Sony VAIO version 4.0.0.0, and probably prior versions, suffers from buffer overflow vulnerabilities:
The methods "SetTmpProfileOption()" and "ConnectToNetwork()" in the "WifiMan.dll" library do not properly check the length of string parameters. An attacker could craft a malicious HTML page to trigger the vulnerability and execute arbitrary code in the context of the affected user.

Vulnerability ID: HTB23063
Vendor Notification / Patch / Public Disclosure Dates: 7 December 2011 / 20 January 2012 / 30 May 2012
Vulnerability Type: Buffer Overflow
Risk level: High
Solution status: Fixed by Vendor
Solution: Install the latest version of the software by using VAIO Update. The update will be installed automatically if you are using the default VAIO Update settings.

More information:
High-Tech Bridge Advisory: HTB23063: 2 Buffer Overflows in Wireless Manager Sony VAIO
Sony eSupport Information: Security Update Program for VAIO® Personal Computers
