CVE-2012-0915 Information

Description

Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file leading to a heap-based buffer overflow as demonstrated using a BMP image.

Reference

http://secunia.com/advisories/47314 http://www.securityfocus.com/bid/51585