iDefense Security Advisory 05.02.07: LiveData Protocol Server Heap Overflow Vulnerability

LiveData Protocol Server Heap Overflow Vulnerability iDefense Security Advisory 05.02.07 http://labs.idefense.com/intelligence/vulnerabilities/ May 02, 2007 I. BACKGROUND LiveData is a provider of real-time data acquisition and processing software. LiveData Protocol Server is used in SCADA...

CVE-2007-2489

Affected software : LiveData Protocol Server (5.00.045 and older up to 5.00.062). Vulnerability : Heap-based buffer overflow caused by a crafted WSDL request that makes a negative length be passed to strncpy, leading to possible code execution or denial of service. The issue is triggered by overs...

CVE-2007-2489

Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 5.00.062, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a...

LiveData Protocol Server fails to properly handle requests for WSDL files

Overview The LiveData Protocol Server fails to properly handle requests. This vulnerability may allow a remote attacker to execute arbitrary code. Description The LiveData Protocol Server is real-time data acquisition and processing software used to record and transmit data among process control...