ooVoo 1.7.1.35 (URL Protocol) remote unicode buffer overflow poc

vendor:

ooVoo

by:

Nine:Situations:Group::bruiser

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: ooVoo

Affected Version From: 1.7.1.35

Affected Version To: 1.7.1.35

Patch Exists: YES

Related CWE: N/A

CPE: oovoo:oovoo:1.7.1.35

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

ooVoo 1.7.1.35 (URL Protocol) remote unicode buffer overflow poc

Nine:Situations:Group::bruiser discovered a buffer overflow vulnerability in ooVoo 1.7.1.35. The vulnerability is triggered when a maliciously crafted URL is processed by ooVoo.exe, which can lead to arbitrary code execution.

Mitigation:

Upgrade to the latest version of ooVoo.

Source

ooVoo 1.7.1.35 (URL Protocol) remote unicode buffer overflow poc

Mitigation:

Exploit-DB raw data: