CVE-2004-0362
CVE-2004-0362
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 2
exploitdbwww.exploit-db.com/exploits/16464não verificadoexploitdbwww.exploit-db.com/exploits/168não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://marc.info/?l=bugtraq&m=107965651712378&w=2http://secunia.com/advisories/11073https://exchange.xforce.ibmcloud.com/vulnerabilities/15442https://exchange.xforce.ibmcloud.com/vulnerabilities/15543http://www.ciac.org/ciac/bulletins/o-104.shtmlhttp://www.eeye.com/html/Research/Advisories/AD20040318.htmlhttp://www.kb.cert.org/vuls/id/947254http://www.osvdb.org/4355http://www.securityfocus.com/bid/9913http://xforce.iss.net/xforce/alerts/id/166