CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.1%
Added: 07/14/2006
CVE: CVE-2004-1868
BID: 9978
OSVDB: 4583
eSignal is a tool which provides real-time financial and market information. Its main application, **WinSig.exe**
, services requests on port 80/TCP.
A buffer overflow vulnerability in eSignal allows remote attackers to execute arbitrary commands by sending a STREAMQUOTE element containing a large amount of data.
Upgrade to eSignal version 7.6 release 3, build 636a.
<http://archives.neohapsis.com/archives/bugtraq/2004-04/0056.html>
Exploit works on eSignal 7.6 Build 635.
Windows 2000
Windows XP