CVE-2006-1275 Information

Description

GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service (client disconnect) via inputs that produce malformed XML including (1) trailing ’ (apostrophe) character on the ID attribute in a PLAYER XML tag (2) joining with a long ID attribute or non-trailing ’ characters which causes a none name to be assigned and then disconnecting or (3) a long CDATA message attribute which prevents closing tags from being added to the string.

Reference

http://aluigi.altervista.org/adv/ggzcdos-adv.txt http://secunia.com/advisories/19212 http://www.osvdb.org/23848 http://www.securityfocus.com/bid/17094 http://www.vupen.com/english/advisories/2006/0935 https://exchange.xforce.ibmcloud.com/vulnerabilities/25164