News Rover Subject Line Stack Buffer Overflow Vulnerability
BID:22618
Info
News Rover Subject Line Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 22618 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-1041 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 19 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Marsu Pilami is credited with the discovery of this vulnerability. |
| Vulnerable: |
S&H Computer Systems News Rover 12.1 RC1 |
| Not Vulnerable: | |
Discussion
News Rover Subject Line Stack Buffer Overflow Vulnerability
News Rover is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected application.
This issue affects version 4.1.0.1; other versions may also be affected.
News Rover is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected application.
This issue affects version 4.1.0.1; other versions may also be affected.
Exploit / POC
News Rover Subject Line Stack Buffer Overflow Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
News Rover Subject Line Stack Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].