Advisory - =Thu Mar 16 13:39:35 EST 2006= - Buffer Overflow in Dantz Retrospect ------------------------ 1. Description It is possible to make Dantz Retrospect crash or run arbitrary code by the use of malformed input. ------------------------ 2. Vendor Response Dantz Retrospect has offered no information on the problem indentified. ------------------------ 3. CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-21362 to this issue ------------------------ Appendix A Vendor Information http://www.dantz.com ------------------------ Appendix B References RFC 5455 ------------------------ Contact ggfirst [EMAIL PROTECTED] 1-888-565-9428 CISSP GSAE CCE CEH CSFA SSP-CNSA SSP-MPA GIPS GHTQ GWAS CAP SSCP _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/