BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more.
BigAnt IM Server is vulnerable to buffer overflow in the
**expsrv.dll** library as a result of improper validation of user-supplied input. A remote attacker could exploit this vulnerability by sending a specially crafted DDNF request with an overly large "username" field to execute arbitrary code.
Upgrade to a fixed version of BigAnt Server when one becomes available.
This exploit was tested against BigAntSoft BigAnt Server 2.97 SP7 on Windows Server 2003 SP2 English (DEP OptOut) and Microsoft Windows Server 2008 SP2 (DEP OptOut).