EMC AutoStart ftAgent.exe Null Byte Write (CVE-2012-0409)

A memory corruption vulnerability has been reported in EMC AutoStart...

ZDI-12-118: EMC AutoStart ftAgent Opcode 0x03 Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-118: EMC AutoStart ftAgent Opcode 0x03 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-118 July 12, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

ZDI-12-122: EMC AutoStart ftAgent Opcode 65 Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-122: EMC AutoStart ftAgent Opcode 65 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-122 July 12, 2012 - -- CVE ID: CVE-2012-0409 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: EM...

CVE-2012-0409

The CVE-2012-0409 issue affects EMC AutoStart, specifically the ftAgent component. The vulnerability stems from parsing routines for op-codes in EMC AutoStart ftAgent’s network protocol, where values read from the network are used in memory size calculations without validation. This can cause int...