Easy File Sharing Web Server HEAD HTTP request vulnerability

2016-01-08T00:00:00
ID SAINT:91DEB82C05970B12990FA1DF35ECE63C
Type saint
Reporter SAINT Corporation
Modified 2016-01-08T00:00:00

Description

Added: 01/08/2016

Background

Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system (forum).

Problem

Easy File Sharing Web Server is vulnerable to a stack buffer overflow condition as a result of not properly validating user-supplied input when handling a HEAD HTTP request. This allows a remote attacker to potentially execute arbitrary code.

Resolution

Install a fixed version when one becomes available. Alternatively, find a different software product solution.

References

<https://www.exploit-db.com/exploits/39009/>

Limitations

Exploit works on Windows XP SP3.

Platforms

Windows