XDICT Word Translation Mouse-over Overflow

2004-11-03T01:48:48
ID OSVDB:11348
Type osvdb
Reporter Sowhat()
Modified 2004-11-03T01:48:48

Description

Vulnerability Description

A remote overflow exists in XDICT. XDICT fails to check bounds properly when a user's mouse is placed over a word in "Screen Fetch" mode, resulting in a buffer overflow. With a specially crafted document containing a word longer then 88 characters, an attacker can execute arbitrary code resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Reconfigure the "Screen Fetch" Mode to use "CTRL+MOUSE" and avoid translating long strings.

Short Description

A remote overflow exists in XDICT. XDICT fails to check bounds properly when a user's mouse is placed over a word in "Screen Fetch" mode, resulting in a buffer overflow. With a specially crafted document containing a word longer then 88 characters, an attacker can execute arbitrary code resulting in a loss of integrity.

References:

Vendor URL: http://www.kingsoft.com/ Security Tracker: 1012017 Other Advisory URL: http://secway.org/Advisory/Ad20041026CN.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0025.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1189.html