vendor:
Spetnik TCPing
by:
hyp3rlinx
7.5
CVSS
HIGH
Buffer Overflow
Buffer Overflow
CWE
Product Name: Spetnik TCPing
Affected Version From: 2.1.2000
Affected Version To: 2.1.2000
Patch Exists: NO
Related CWE:
CPE: a:spetnik:tcping:2.1.0
Platforms Tested:
Buffer Overflow in Spetnik TCPing 2.1.0
If TCPing is called with a specially crafted CL argument, it causes an exception and overwrites the Pointers to next SEH record and SEH handler with a buffer and malicious shellcode. TCPing is not compiled with SafeSEH, so an arbitrary code execution can be achieved on the victim's system.
Mitigation:
Update to a version of Spetnik TCPing that is compiled with SafeSEH or use an alternative software.