MediaHouse Server Live Stats Runs Arbitrary Code

 

Reported August 14, 2000 by
DeepZone Digital Security

VERSIONS EFFECTED
  • MediaHouse Statistics Server Live Stats

DESCRIPTION

An unchecked buffer exists within the code the process Web-based GET commands, where the buffer can be overflowed to cause the execution of arbitrary code on the server.

By sending a string of approximately 2033 bytes in length the buffer will overflow.

VENDOR RESPONSE

MediaHouse has created a 5.03 patch that corrects for the Statistics Server (LiveStats) 5.02x memory overflow bug.

CREDIT
Discovered by DeepZone Digital Security

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish