Risks
Vulnerabilities
Browse by
Portable UPnP SDK unique_service_name() Remote Code Execution
11 February 2013
Bookmark and Share
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.

ID: CVE-2012-5958
Vendor: libupnp.org

CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


Spotlight

Russian APT group actively exploiting Flash, Windows 0-day flaws

APT28 has been spotted wielding two zero-day exploits in the latest targeted attack aimed at an "international government entity in an industry vertical that aligns with known APT28 targeting."


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Tue, Apr 21st
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //