Easy File Management Web Server UserID Cookie Handling Buffer Overflow

2014-07-02T00:00:00
ID SAINT:377D615D2B60D8D3816E2B2CA808F391
Type saint
Reporter SAINT Corporation
Modified 2014-07-02T00:00:00

Description

Added: 07/02/2014
BID: 67542
OSVDB: 107241

Background

Easy File Management Web Server is a Microsoft Windows-based file management application that allows remote users to upload and download files through a web browser. It also supports online editing of Word, Excel, PowerPoint and PDF documents on the server, using only a browser.

Problem

Easy File Management Web Server 4.0 and 5.3 are vulnerable to a remote stack buffer overflow because they do not properly validate user-supplied input when handling the **UserID** cookie. A remote attacker who successfully exploits this flaw could execute arbitrary code with the privileges of the system user.
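The missing validation described above, shown in hardened form as an added example (this is not the product's code, which does not appear in this advisory): a C routine that extracts the UserID cookie and checks its length before copying it into a fixed-size stack buffer. The function name, return codes and 32-byte limit are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define USERID_MAX 32 /* assumed limit; the product's real buffer size is not stated */

/* Copy the UserID cookie value from a Cookie header into out.
 * Returns 0 on success, -1 if the cookie is absent, and -2 if the value
 * does not fit in out (the request should be rejected, not truncated). */
int get_userid_cookie(const char *cookie_hdr, char *out, size_t out_sz)
{
    static const char name[] = "UserID=";
    const size_t name_len = sizeof(name) - 1;
    const char *p = cookie_hdr;

    if (out_sz == 0) return -2;
    out[0] = '\0';
    while (p && *p) {
        while (*p == ' ' || *p == ';') p++;          /* skip pair separators */
        const char *end = strchr(p, ';');
        size_t pair_len = end ? (size_t)(end - p) : strlen(p);
        if (pair_len >= name_len && strncmp(p, name, name_len) == 0) {
            size_t val_len = pair_len - name_len;
            /* The vulnerable pattern copies here with no check (strcpy/sprintf
             * into a stack array). Validate the length first instead. */
            if (val_len >= out_sz) return -2;
            memcpy(out, p + name_len, val_len);
            out[val_len] = '\0';
            return 0;
        }
        p = end;                                     /* NULL after the last pair */
    }
    return -1;
}

int main(void)
{
    char uid[USERID_MAX];
    char oversized[300];                             /* constructed sample input */
    memset(oversized, 'A', sizeof(oversized) - 1);
    oversized[sizeof(oversized) - 1] = '\0';
    memcpy(oversized, "UserID=", 7);

    printf("normal:    %d\n", get_userid_cookie("SID=1; UserID=alice", uid, sizeof uid));
    printf("oversized: %d\n", get_userid_cookie(oversized, uid, sizeof uid));
    return 0;
}
```

A server using this pattern would answer a -2 result with an HTTP 400 and log the request, which also gives operators a signal for over-long UserID values while no vendor fix is available.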

Resolution

Contact the vendor for information on when a fix will be available. In the interim, only allow trusted sites to access the application.

References

<http://www.securelist.com/en/advisories/58879>

Limitations

Exploit works on Easy File Management Web Server v4.0 and v5.3.

Platforms

Windows