Multiple Buffer-Overflow Vulnerabilities in eIQnetworks Enterprise Security Analyzer

vendor:

Enterprise Security Analyzer

by:

Unknown

7.5

CVSS

HIGH

Buffer-Overflow

Buffer Overflow

CWE

Product Name: Enterprise Security Analyzer

Affected Version From: 2.5

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: a:eiqnetworks:enterprise_security_analyzer:2.5

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Multiple Buffer-Overflow Vulnerabilities in eIQnetworks Enterprise Security Analyzer

eIQnetworks Enterprise Security Analyzer is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Exploiting these issues allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23454/info

eIQnetworks Enterprise Security Analyzer is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting these issues allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Enterprise Security Analyzer 2.5 is reported vulnerable; other versions may also be affected. 

- DELETESEARCHFOLDER : [DELETESEARCHFOLDER&A x 40000...&]
- DELTASK: [DELTASK&A x 3000...&current&test&]
- HMGR_CHECKHOSTSCSV: [ HMGR_CHECKHOSTSCSV&A x 80000...&]
- TASKUPDATEDUSER: [TASKUPDATEDUSER&A x 60000...&test&test&]
- VERIFYUSERKEY: [VERIFYUSERKEY&A x 13000...&Administrator&127.0.0.1&12345]
- VERIFYPWD: [VERIFYPWD&A x 6000...&admin&adminpass&]