Added: 02/22/2013
CVE: CVE-2012-6275
BID: 57214
OSVDB: 89344
BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more.
BigAnt Server versions 2.97 SP7 and prior are vulnerable to a stack overflow condition due to improper validation of user supplied username and filename fields when handling SCH and DUPF commands.
No patch is available from the vendor at this time.
<http://www.kb.cert.org/vuls/id/990652>
This exploit has been tested against BigAntSoft BigAnt Server 2.97 SP7 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).
Windows