>From a technical point of view, it's a vulnerability because you can
gain control of EIP.
The reason why a victim would probably import an arbitrary .reg file is
the same as why he would use a .wav file from an untrusted source, which
exploits a flaw in the installed .wav converter. If you can co
On Sat, Nov 16, 2013 at 03:23:07PM +0100, Julien Ahrens wrote:
> A buffer overflow vulnerability has been identified in Avira Secure
> Backup v1.0.0.1 Build 3616.
> An attacker needs to force the victim to import an arbitrary .reg file
> in order to exploit the vulnerability.
Could you please ela
RCE Security Advisory
http://www.rcesecurity.com
1. ADVISORY INFORMATION
---
Product:Avira Secure Backup
Vendor URL: www.avira.com
Type: Improper Restriction of Operations within the Bounds of
a Memory Buffer [CWE-119]
Date found: 2013-10-30
Date pu