[VIM] CVE-2009-2533

Carsten H. Eiram che at secunia.com
Wed Jul 29 08:33:55 UTC 2009


When analysing this vulnerability we noticed that the NULL pointer
dereference error does not actually occur because the
"DataConvertBuffer" property is empty, but instead because the provided
PoC includes a "DataConvertBuffer" property, but no "Content-Length"
header.

Any SET_PARAMETER request containing a "DataConvertBuffer" property (not
necessarily empty) and either no "Content-Length" header or an invalid
one triggers the NULL pointer dereference error.

Our advisory, SA35815, contains a bit more information.


-- 

Med venlig hilsen / Kind regards


Carsten H. Eiram
Chief Security Specialist

Secunia 
Weidekampsgade 14 A
DK-2300 Copenhagen S
Denmark

Phone  +45 7020 5144
Fax    +45 7020 5145
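
The trigger condition described in the message above, written as a detection check over reassembled RTSP requests. This is an added example, not part of the original post or of the Secunia advisory. The function names, the sample requests, the reading of "invalid" as "not plain decimal digits", and the choice to look for the property in both header lines and the body are assumptions.

```python
import re

PROPERTY = b"dataconvertbuffer"  # property name quoted in the message

def parse_rtsp(raw: bytes):
    """Split one RTSP request into (method, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, headers, body

def content_length_state(headers) -> str:
    """Classify the Content-Length header as 'missing', 'invalid' or 'ok'."""
    value = headers.get(b"content-length")
    if value is None:
        return "missing"
    # Assumption: "invalid" means anything other than plain decimal digits.
    return "ok" if re.fullmatch(rb"[0-9]+", value) else "invalid"

def matches_trigger(raw: bytes) -> bool:
    """True for SET_PARAMETER + DataConvertBuffer + missing/invalid length."""
    method, headers, body = parse_rtsp(raw)
    if method != b"SET_PARAMETER":
        return False
    # Assumption: the property may sit in a header line or in the body.
    has_property = PROPERTY in headers or PROPERTY in body.lower()
    return has_property and content_length_state(headers) != "ok"

# Constructed sample requests (hypothetical host, not captured traffic).
REQ = b"SET_PARAMETER rtsp://media.example/ RTSP/1.0\r\nCSeq: 1\r\n"
SAMPLES = {
    "no_length": REQ + b"DataConvertBuffer: abc\r\n\r\n",
    "bad_length": REQ + b"Content-Length: -1\r\n\r\nDataConvertBuffer: abc",
    "valid_length": REQ + b"Content-Length: 22\r\n\r\nDataConvertBuffer: abc",
    "no_property": REQ + b"\r\n",
    "other_method": b"OPTIONS * RTSP/1.0\r\nCSeq: 1\r\nDataConvertBuffer: abc\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} flagged={matches_trigger(raw)}")
```

A non-empty property value is used in the samples on purpose: per the message, the flag depends on the Content-Length header, not on whether the property is empty.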


