Buffer overrun Vulnerability in Celestial Software Absolute Telnet

Reported February 6, 2003, by Knud Erik Højgaard.

 

 

VERSIONS AFFECTED

 

  • Absolute Telnet 2.00 and 2.11

 

DESCRIPTION

 

A vulnerability in Celestial Software's Absolute Telnet 2.00 and 2.11 can lead to arbitrary execution of code on the vulnerable system. This vulnerability is a result of insufficient bounds checking in the code that sets the program's title bar.

 

VENDOR RESPONSE

 

Celestial Software has released version 2.12 Release Candidate 10 (RC10), which isn't vulnerable to this condition.

 

CREDIT

Discovered by Knud Erik Højgaard.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish