Source: SAINT Corporation
ID: SAINT:D510B7B27D3627764F0E5907A06E7D7B
Published: Jul 14, 2006 - 12:00 a.m.

eSignal WinSig.exe buffer overflow

2006-07-14 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.331
Percentile: 97.1%

Added: 07/14/2006
CVE: CVE-2004-1868
BID: 9978
OSVDB: 4583

Background

eSignal is a tool which provides real-time financial and market information. Its main application, **WinSig.exe**, services requests on port 80/TCP.

Problem

A buffer overflow vulnerability in eSignal allows remote attackers to execute arbitrary commands by sending a STREAMQUOTE element containing a large amount of data.

Resolution

Upgrade to eSignal version 7.6 release 3, build 636a.

References

<http://archives.neohapsis.com/archives/bugtraq/2004-04/0056.html>

Limitations

Exploit works on eSignal 7.6 Build 635.

Platforms

Windows 2000
Windows XP
