CVE-2013-4099 Information

Description

Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11 as used in JOGAMP allow context-dependent attackers to execute arbitrary code via a crafted parameter to the (1) alAuxiliaryEffectSlotf1 (2) alBuffer3f1 (3) alBufferfv1 (4) alDeleteEffects1 (5) alEffectf1 (6) alEffectfv1 (7) alEffectiv1 (8) alEnable1 (9) alFilterfv1 (10) alFilteriv1 (11) alGenAuxiliaryEffectSlots1 (12) alGenEffects1 (13) alGenFilters1 (14) alGenSources1 (15) alGetAuxiliaryEffectSlotiv1 (16) alGetBuffer3f1 (17) alGetBuffer3i1 (18) alGetBufferf1 (19) alGetBufferiv1 (20) alGetDoublev1 (21) alGetEffectf1 (22) alGetEffectfv1 (23) alGetEffectiv1 (24) alGetEnumValue1 (25) alGetFilteri1 (26) alGetFilteriv1 (27) alGetFloat1 (28) alGetFloatv1 (29) alGetListener3f1 (30) alGetListener3i1 (31) alGetListenerf1 (32) alGetListeneri1 (33) alGetListeneriv1 (34) alGetProcAddress1 (35) alGetProcAddressStatic (36) alGetSource3f1 (37) alGetSource3i1 (38) alGetSourcef1 (39) alGetSourcefv1 (40) alGetSourcei1 (41) alGetSourceiv1 (42) alGetString1java/lang/String; (43) alIsAuxiliaryEffectSlot1 (44) alIsBuffer1 (45) alIsEffect1 (46) alIsExtensionPresent1 (47) alIsFilter1 (48) alListener3f1 (49) alListener3i1 (50) alListenerf1 (51) alListenerfv1 (52) alListeneri1 (53) alListeneriv1 (54) alSource3f1 (55) alSource3i1 (56) alSourcef1 (57) alSourcefv1 (58) alSourcei1 (59) alSourceiv1 (60) alSourcePause1 (61) alSourcePausev1 (62) alSourcePlay1 (63) alSourcePlayv1 (64) alSourceQueueBuffers1 (65) alSourceRewindv1 (66) alSourceStop1 (67) alSourceStopv1 (68) alSourceUnqueueBuffers1 or (69) alSpeedOfSound1 method in jogamp.openal.ALImpl.dispatch.

Reference

http://labb.zafena.se/?p=799 http://osvdb.org/96582 http://www.fuzzmyapp.com/advisories/FMA-2012-038/FMA-2012-038-EN.xml http://www.securityfocus.com/bid/61950