Teamspeak 2: Windows client memory corruption

Users of Teamspeak 2 please be advised of a Windows client memory corruption vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

nSense-2010-002: [nSense-2010-002] Teamspeak 2 Windows client memory corruption
Affected Product: Teamspeak 2 version 2.0.32.60
Technical details
—————————————————————

The specific flaw exists within the TeamSpeak.exe module
teardown procedure responsible for freeing dynamically
allocated application handles.

It is possible to corrupt this memory area by transmitting a
voice transmission packet (0xf2) to the server. All clients
receiving the voice transmission will have their memory
corrupted. The resulting memory corruption leads to a overflow
of values which are later used in a copy operation
(during teardown).

This can be leveraged to achieve remote code execution
within the context of the user running the application.Read more at http://www.criticalwatch.com

 

Advertisements