
IDA Buffer Overflow Vulnerability


ZaiRoN
January 25th, 2005, 06:12
The title says all. All the details are here:
http://www.idefense.com/application/poi/display?id=189&type=vulnerabilities&flashstatus=true
Reading the page you will find a link for a temp patch.

Thanks to Zero for the news.

Regards,
ZaiRoN

dELTA
January 25th, 2005, 06:45
Apparently W32Dasm has the same vulnerability too:

http://www.securityfocus.com/archive/1/388251

Bengaly
January 25th, 2005, 14:57
Ouch, I don't want that too..
So I added to PVDasm a check on the import's length to avoid the buffer overflow vulnerability.

About W32Dasm.. a dead tool for ages.
IDA will have it fixed in the next release.
PEiD as well.
And of course PVDasm.

Good day.

ZaiRoN
January 26th, 2005, 04:36
IDA has the bug, W32Dasm has the bug, PEiD has the bug, PVDasm has the bug... who copies who? :P

blabberer
January 26th, 2005, 06:38
So doesn't Olly have it, or does it only affect disassemblers and not debuggers, or is Oleh l33t?

Bengaly
January 26th, 2005, 12:54
ZaiRoN,
PVDasm HAD the bug!
Seems I am the only one who really cares about his code.

Quote:
who copies who

e.g.:
Well, I guess wsprintf(buffer, "%s", import->api_name);
is pretty obvious for anyone who wants to retrieve the API name.

About OllyDbg,
if Oleh used any string copy function to retrieve the API name without checking the length of the API name against the buffer, then yes, OllyDbg has the same exploit just as any disasm around... also WinDbg, IDA, Win32Dasm (not PVDasm.. it's bug free :P)