vendor:
Netwrix Auditor
by:
7.5
CVSS
HIGH
Stack Buffer Overflow
CWE
Product Name: Netwrix Auditor
Affected Version From: 7.1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Netwrix Auditor 7.1.322.0 ActiveX (sourceFile) Stack Buffer Overflow Vulnerability
The application suffers from a stack-based buffer overflow vulnerability when parsing large amount of bytes to the 'sourceFile' string parameter in PackFile() and UnpackFile() functions in 'Netwrix.Common.CollectEngine.dll' library, resulting in stack overrun overwriting several registers including the SEH chain. An attacker can gain access to the system of the affected node and execute arbitrary code.