Microsoft Windows CE ASP Parser Buffer Overflow Vulnerability
TITLE: Microsoft Windows CE ASP Parser Buffer Overflow Vulnerability
CLASS: Boundary Condition Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: May 27 2005 12:00AM
UPDATE: Jun 12 2007 06:09PM
CREDIT: Ollie Whitehouse of Symantec reported this issue.
VULNERABLE:
Microsoft Windows CE 6.0
NOT VULNERABLE:
Microsoft Windows CE 5.0
Discussion
Microsoft Windows CE is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected webserver. Failed exploit attempts will result in a denial-of-service condition.
Exploit
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution
The vendor released an update to address this issue. Please see the references for more information.
References
- FIX: The Web server component does not correctly process ASP pages (Microsoft)
- Microsoft Windows CE Homepage (Microsoft)
- The Elephant Under the Carpet (and when I say 'carpet' I mean PDA) (Symantec)