WildTangent Web Driver Filename Overflow

2004-01-21T05:03:20
ID OSVDB:6445
Type osvdb
Reporter Peter Winter-Smith(peter@ngssoftware.com)
Modified 2004-01-21T05:03:20

Description

Vulnerability Description

A remote overflow exists in WildTangent WebDriver 4.0. The WebDriver fails to properly check input of a filename supplied as a parameter to strcat() resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary remote code execution resulting in a loss of integrity.

Solution Description

WebDriver 4.1 has been released to protect against the vulnerability. This can be obtained from the WildTangent website.

Short Description

A remote overflow exists in WildTangent WebDriver 4.0. The WebDriver fails to properly check input of a filename supplied as a parameter to strcat() resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary remote code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.wildtangent.com Vendor Specific Solution URL: http://www.wildtangent.com/default.asp?pageID=webdriver_download Secunia Advisory ID:11727 Other Advisory URL: http://www.nextgenss.com/advisories/wildtangent.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-05/0296.html