Lucene search

SAINT CorporationSAINT:69F3181825F91F079A41868164E479DE

HistoryJul 14, 2006 - 12:00 a.m.

eSignal WinSig.exe buffer overflow

2006-07-1400:00:00

SAINT Corporation

my.saintcorporation.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.331 Low

EPSS

Percentile

97.1%

JSON

Added: 07/14/2006
CVE: CVE-2004-1868
BID: 9978
OSVDB: 4583

Background

eSignal is a tool which provides real-time financial and market information. Its main application, **WinSig.exe**, services requests on port 80/TCP.

Problem

A buffer overflow vulnerability in eSignal allows remote attackers to execute arbitrary commands by sending a STREAMQUOTE element containing a large amount of data.

Resolution

Upgrade to eSignal version 7.6 release 3, build 636a.

References

<http://archives.neohapsis.com/archives/bugtraq/2004-04/0056.html>

Limitations

Exploit works on eSignal 7.6 Build 635.

Platforms

Windows 2000
Windows XP

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.331 Low

EPSS

Percentile

97.1%

JSON

Related for SAINT:69F3181825F91F079A41868164E479DE