{"id":863,"date":"2009-11-04T19:56:35","date_gmt":"2009-11-04T19:56:35","guid":{"rendered":"http:\/\/xpantispy.org\/xpas-ng\/2009\/11\/xp-antispy-3-97-5\/"},"modified":"2013-03-14T09:11:09","modified_gmt":"2013-03-14T08:11:09","slug":"xp-antispy-3-97-5","status":"publish","type":"post","link":"https:\/\/xp-antispy.org\/en\/2009\/11\/xp-antispy-3-97-5\/","title":{"rendered":"xp-AntiSpy 3.97-5"},"content":{"rendered":"<p><\/p>\n<p>Yesterday, a visitor sent me this <a href=\"http:\/\/pocoftheday.blogspot.com\/2009\/10\/xp-antispy-397-4-local-xpas-file-local.html\">link<\/a>. It explains how to crash the xp-AntiSpy by a invalid profile. Since you can export existing profiles to a file, you certainly can import profiles too. And there was the bug. I did not range check the values read from the file. And if you selected the invalid profile, the xp-AntiSpy tried to check a setting that never existed and that is the cause for the crash.<br \/>So I fixed this possible vulnerability and released the version 3.97-5. Nothing else did change.<\/p>\n<p>Greetings, -chris- <\/p>\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Yesterday, a visitor sent me this link. It explains how to crash the xp-AntiSpy by a invalid profile. Since you can export existing profiles to a file, you certainly can import profiles too. And there was the bug. I did &hellip; <a href=\"https:\/\/xp-antispy.org\/en\/2009\/11\/xp-antispy-3-97-5\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/xp-antispy.org\/en\/wp-json\/wp\/v2\/posts\/863"}],"collection":[{"href":"https:\/\/xp-antispy.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xp-antispy.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xp-antispy.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xp-antispy.org\/en\/wp-json\/wp\/v2\/comments?post=863"}],"version-history":[{"count":1,"href":"https:\/\/xp-antispy.org\/en\/wp-json\/wp\/v2\/posts\/863\/revisions"}],"predecessor-version":[{"id":997,"href":"https:\/\/xp-antispy.org\/en\/wp-json\/wp\/v2\/posts\/863\/revisions\/997"}],"wp:attachment":[{"href":"https:\/\/xp-antispy.org\/en\/wp-json\/wp\/v2\/media?parent=863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xp-antispy.org\/en\/wp-json\/wp\/v2\/categories?post=863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xp-antispy.org\/en\/wp-json\/wp\/v2\/tags?post=863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}