Effect Office Overflow

2003-11-21T02:49:40
ID OSVDB:2848
Type osvdb
Reporter OSVDB
Modified 2003-11-21T02:49:40

Description

Vulnerability Description

A remote overflow exists in EffectOffice 2.9. With a specially crafted request, an attacker can cause a DoS and possibly remote execution of code. This occurs because the server fails to validate input sent to it over 56004/tcp.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by restricting access to trusted IPs.

Short Description

A remote overflow exists in EffectOffice 2.9. With a specially crafted request, an attacker can cause a DoS and possibly remote execution of code. This occurs because the server fails to validate input sent to it over 56004/tcp.

References:

Vendor URL: http://www.effectoffice.com/ Secunia Advisory ID:10272 Other Advisory URL: http://lists.netsys.com/pipermail/full-disclosure/2003-November/013972.html ISS X-Force ID: 13798 Bugtraq ID: 9077