FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

google-earth -- heap overflow in the KML engine

Affected packages
google-earth < 4.0.2414

Details

VuXML ID 5c9a2769-5ade-11db-a5ae-00508d6a62df
Discovery 2006-10-10
Entry 2006-10-14
Modified 2007-04-13

JAAScois reports:

While processing KML/KMZ data Google Earth fails to verify its size prior to copying it into a fixed-sized buffer. This can be exploited as a buffer-overflow vulnerability to cause the application to crash and/or to execute arbitrary code.

References

Bugtraq ID 20464
URL http://www.jaascois.com/exploits/18602024/