In association with heise online

29 January 2007, 15:02

Hole in CHMlib Open Source library

Service provider iDefense has reported a vulnerability in the CHMlib Open Source library that attackers can exploit to get control of a victim's computer. Among other things, CHMlib allows the well-known CHM help files from Windows to be displayed under Linux, for instance in the xchm program or other applications. In addition, ebooks are increasingly being sold in the CHM format.

Specially prepared CHM files allow the stack pointer to be manipulated. Code can then be injected onto the stack and launched with the user's rights. The flaw was found in version 0.38, but previous versions are probably also affected. This flaw has been remedied in version 0.39.
