Talentsoft Web+ contains buffer overflow in "webpsvc.exe"

ID VU:159907
Type cert
Reporter CERT
Modified 2002-08-05T15:25:00



Talentsoft's Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+.


Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named "webpsvc.exe" contains a buffer overflow vulnerability. This component is used by the Web+ CGI program "webplus.exe," which is installed by default in the cgi-bin directory when Web+ is used to build a web site.


By requesting a specially crafted URI from a site running Web+, an attacker can execute arbitrary code with privileges of the user running webpsvc.exe, typically the SYSTEM user.


Apply a patch from your vendor

See the following document for more details:


Vendor Information


Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Talentsoft Unknown

Updated: April 17, 2002



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group | Score | Vector
Base | |
Temporal | |
Environmental | |


  • <http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943>
  • <http://www.securityfocus.com/bid/4233>


Thanks to Mark Litchfield for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs: | CVE-2002-0449
Severity Metric: | 4.56
Date Public: | 2002-03-05
Date First Published: | 2002-08-05
Date Last Updated: | 2002-08-05 15:25 UTC
Document Revision: | 7