EScan Agent Service MWAGENT.EXE Remote Buffer Overflow Vulnerability
CLASS: Input Validation Error
CVE: CVE-2007-2687
REMOTE: Yes
LOCAL: No
PUBLISHED: May 23 2007 12:00AM
UPDATE: May 23 2007 10:08PM
CREDIT: Carsten Eiram of Secunia Research is credited with the discovery of this vulnerability.
VULNERABLE:
MicroWorld Technologies eScan 9.0.715.1
NOT VULNERABLE:
MicroWorld Technologies eScan 9.0.718.1
Discussion
eScan is prone to a buffer overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. A successful remote exploit of this issue would result in the complete compromise of affected computers.
This issue affects eScan 9.0.715.1; other versions may also be affected.
Exploit
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution
The vendor released an update to address this issue. Please see the references for more information.
References
- eScan Homepage (MicroWorld Technologies)
- eScan Products Agent Service Command Decryption Buffer Overflow (Secunia Research)
- Secunia Research: eScan Products Agent Service Command Decryption Buffer Overflo (Secunia)