Reported April 17, 2002, by NGS Software.
VERSION AFFECTED
-
Talentsoft’s Web+ 5.0 and 4.6 for IIS 5.0 and 4.0
DESCRIPTION A buffer overflow condition exists in Talentsoft’s Web+ 5.0 and 4.6 that can cause code
to execute on the vulnerable system under the system-security context. By requesting
a Wireless Markup Language (WML) file from a Web server and supplying an overly long cookie,
an attacker can cause the internal buffer to overflow and overwrite a saved return address on
the stack.
VENDOR RESPONSE
The vendor, Talentsoft, has created a patch for this vulnerability.
CREDIT
Discovered by David
Litchfield.
0 comments
Hide comments