Arbitrary Remote Code Execution Vulnerability in WildTangent Web Driver 4.0

Reported June 03, 2004, by NGSSoftware
 

VERSIONS AFFECTED

  • WildTangent Web Driver 4.0

DESCRIPTION
A vulnerability in WildTangent Web Driver 4.0 could result in arbitrary remote code execution on the vulnerable system. You could cause a number of buffer overruns within the WildTangent package, namely within the WTHoster and WebDriver modules, by using any method that takes a filename as a parameter. You can obtain more information about this vulnerability on the discoverer's Web site.

VENDOR RESPONSE
WildTangent has released version 4.1, which isn't vulnerable to this condition.

CREDIT
Discovered by NGSSoftware.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish