vendor:
Statistics Server
by:
Per Bergehed
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Statistics Server
Affected Version From: 4.28
Affected Version To: 05.01
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows NT 4.0
2001
Mediahouse Statistics Server Buffer Overflow
The web interface for Statistics Server contains an unchecked buffer which accepts input from the "Server ID" field of the login webpage. While the login webpage has a 16 character restriction, this is easily circumventible by editing the HTML to remove the restriction. Entering a string of more than 3773 characters will crash the server. This bug could potentially be used to remotely execute arbitrary code.
Mitigation:
Ensure that input is properly validated and sanitized before being used.