Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15526
HistoryDec 30, 2006 - 12:00 a.m.

QuickCam linux device driver allows arbitrary code execution

2006-12-3000:00:00
vulners.com
6

Synopsis: QuickCam linux device driver arbitrary code execution
Product: QuickCam
Version: <=1.0.9

Issue/Details:

A critical security vulnerability has been found in QuickCam
initialization function (qcamvc_video_init) of the protytype:

static void qcamvc_video_init(struct qcamvc *qcamvc)

The memory corruption conditions might lead to arbitrary code
execution.

Affected Versions

OpenSER <= 1.0.9

Solution

Proper boundary checking.

Exploitation

Exploitation might be performed by the use of specially
crafted QuickCam object.