Talentsoft Web+ contains buffer overflow in "webpsvc.exe"

2002-08-05T00:00:00
ID VU:159907
Type cert
Reporter CERT
Modified 2002-08-05T15:25:00

Description

Overview

Talentsoft's Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+.

Description

Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named "webpsvc.exe" contains a buffer overflow vulnerability. This component is used by the Web+ CGI program "webplus.exe," which is installed by default in the cgi-bin directory when Web+ is used to build a web site.


Impact

By requesting a specially crafted URI from a site running Web+, an attacker can execute arbitrary code with privileges of the user running webpsvc.exe, typically the SYSTEM user.


Solution

Apply a patch from your vendor

See the following document for more details:

<http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943>


Vendor Information

159907

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Talentsoft Unknown

Updated: April 17, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |

References

  • <http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943>
  • <http://www.securityfocus.com/bid/4233>

Acknowledgements

Thanks to Mark Litchfield for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs: | CVE-2002-0449
---|---
Severity Metric: | 4.56
Date Public: | 2002-03-05
Date First Published: | 2002-08-05
Date Last Updated: | 2002-08-05 15:25 UTC
Document Revision: | 7