Fujitsu SystemcastWizard Lite PXE service buffer overflow

2009-03-03T00:00:00
ID SAINT:F168A3089838198F30F8EFEB69B427F9
Type saint
Reporter SAINT Corporation
Modified 2009-03-03T00:00:00

Description

Added: 03/03/2009
CVE: CVE-2009-0270
BID: 33342
OSVDB: 51486

Background

SystemcastWizard Lite is support software for the setup of Primequest systems.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted datagram to the PXE service.

Resolution

Apply the patch referenced on the precautions page for Windows Server 2008 or Windows Server 2003.

References

<http://www.securityfocus.com/archive/1/500172>

Limitations

Exploit works on Fujitsu SystemcastWizard Lite 1.9.

Platforms

Windows