eZphotoshare RtlAllocateHeap Function Heap Overflow

2003-12-04T09:57:20
ID OSVDB:2900
Type osvdb
Reporter OSVDB
Modified 2003-12-04T09:57:20

Description

Vulnerability Description

eZphotoshare contains a remotely exploitable buffer overflow. The flaw is found in the RtlAllocateHeap function, located in the module 'ntdll.dll'. This overflow can be exploited remotely via port 10101.

Solution Description

Upgrade to version 1.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Solution URL: http://www.ezphotoshare.com/download.html
Secunia Advisory ID: 10350
ISS X-Force ID: 13896
Generic Informational URL: http://www.elitehaven.net/ezphotoshare.txt
Bugtraq ID: 9150