eIQnetworks Enterprise Security Analyzer 2.5 - Multiple Buffer Overflow Vulnerabilities



EKU-ID: 34983 CVE: CVE-2007-2059;OSVDB-34920 OSVDB-ID:
Author: Leon Juranic Published: 2007-04-12 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


source: https://www.securityfocus.com/bid/23454/info

eIQnetworks Enterprise Security Analyzer is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting these issues allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Enterprise Security Analyzer 2.5 is reported vulnerable; other versions may also be affected.

- DELETESEARCHFOLDER : [DELETESEARCHFOLDER&A x 40000...&]
- DELTASK: [DELTASK&A x 3000...&current&test&]
- HMGR_CHECKHOSTSCSV: [ HMGR_CHECKHOSTSCSV&A x 80000...&]
- TASKUPDATEDUSER: [TASKUPDATEDUSER&A x 60000...&test&test&]
- VERIFYUSERKEY: [VERIFYUSERKEY&A x 13000...&Administrator&127.0.0.1&12345]
- VERIFYPWD: [VERIFYPWD&A x 6000...&admin&adminpass&]