HAHTsite Scenario Server Project File Name Buffer Overrun Vulnerability

BID:10033

Info

Bugtraq ID: 10033
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: No
Published: Apr 02 2004 12:00AM
Updated: Apr 02 2004 12:00AM
Credit: Discovery of this issue is credited to Dennis Rand.
Vulnerable: HAHT Commerce HAHTsite Scenario Server 5.1 Patch 6
HAHT Commerce HAHTsite Scenario Server 5.1 Patch 5
HAHT Commerce HAHTsite Scenario Server 5.1 Patch 4
HAHT Commerce HAHTsite Scenario Server 5.1 Patch 3
HAHT Commerce HAHTsite Scenario Server 5.1 Patch 2
HAHT Commerce HAHTsite Scenario Server 5.1 Patch 1
HAHT Commerce HAHTsite Scenario Server 5.1
Not Vulnerable:

Discussion

HAHTsite Scenario Server is reported to be prone to a remotely exploitable buffer overrun vulnerability.

The issue may be triggered by submitting an HTTP GET request to the vulnerable server component that specifies overly long project file name parameters. hsrun.exe is the name of the vulnerable component on Microsoft Windows platforms. This could be exploited to execute arbitrary code in the context of the server.

This issue is reported to affect HAHTsite Scenario Server 5.1 on Windows, Solaris and Linux platforms. The name of the vulnerable component will likely be different depending on the hosting platform.

Exploit / POC

The researcher who discovered this issue has claimed to have developed working exploit code, which is not publicly available or known to be circulating in the wild.

Solution / Fix

Solution:
HAHTsite has released a downloadable patch for Windows platforms.

Users of the software on Solaris and Linux platforms should inquire about fixes from HAHT Technical Support via the following e-mail address:
[email protected]


