Buffer Overflow in Talentsoft Web+

Reported April 17, 2002, by NGS Software.

VERSION AFFECTED

  • Talentsoft’s Web+ 5.0  and 4.6 for IIS 5.0 and 4.0

 

DESCRIPTION

A buffer overflow condition exists in Talentsoft’s Web+ 5.0 and 4.6 that can cause code 
to execute on the vulnerable system under the system-security context. By requesting
a Wireless Markup Language (WML) file from a Web server and supplying an overly long cookie, 
an attacker can cause the internal buffer to overflow and overwrite a saved return address on 
the stack.

 

VENDOR RESPONSE

 

The vendor, Talentsoft, has created a patch for this vulnerability.

 

CREDIT
Discovered by David Litchfield.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish