Archive for April 11th, 2010

Aladdin eToken PKI Client v4.5 Virtual File Handling Unspecified Memory Corruption PoC

Summary

The eToken PKI Client is the software that enables eToken USB operation and the implementation of eToken PKI-based solutions. These solutions include certificate-based strong two-factor authentication, encryption and digital signing. With the PKI Client your PKI solutions become highly secure, extremely convenient and portable, as you can easily and securely generate and store PKI keys on-board eToken smart card-based devices.

Description

eToken PKI Client is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a malicious ETV file to execute arbitrary code and to cause denial-of-service conditions.

Aladdin

More info: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4933.php