Sielco Sistemi Winlog < 2.07.17 Multiple Vulnerabilities

The remote host has a version of Sielco Sistemi Winlog prior to 2.07.17. As such, it is affected by the following vulnerabilities:

• There is a stack-based buffer overflow that can be triggered by sending a specially crafted TCP packet to port 46824 that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function. (CVE-2012-4353)

• TCPIPS_Story.dll allows remote attackers to execute arbitrary code by sending a specially crafted packet to port 46824 containing a positive integer after the opcode, triggering incorrect function-pointer processing. (CVE-2012-4354)

• There are directory traversal vulnerabilities that can be triggered by sending a specially crafted TCP packet specifying a file-open operation, followed by a packet with a file read operation to port 46824. CVE-2012-4356)

• By sending a specially crafted packet to port 46824 containing an invalid file-pointer index, it might be possible to execute arbitrary code. (CVE-2012-4357)

• Sending a specially crafted packet to port 46824 with opcode 0x00, followed by a positive integer will cause a denial of service condition. (CVE-2012-4358)