Test ID:	1.3.6.1.4.1.25623.1.0.66403
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2009:231-1 (htmldoc)
Summary:	The remote host is missing an update to htmldoc;announced via advisory MDVSA-2009:231-1.
Description:	Summary: The remote host is missing an update to htmldoc announced via advisory MDVSA-2009:231-1. Vulnerability Insight: A security vulnerability has been identified and fixed in htmldoc: Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries (CVE-2009-3050). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3050 http://packetstormsecurity.org/0907-exploits/htmldoc-overflow.txt http://www.openwall.com/lists/oss-security/2009/07/25/3 http://www.openwall.com/lists/oss-security/2009/07/26/2 http://www.openwall.com/lists/oss-security/2009/09/01/1 http://secunia.com/advisories/35780
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.