AOH :: Windows Apps :: 602LSW1.HTM

AOH :: Windows Apps :: 602LSW1.HTM
602Pro LAN Suite Web Admin Buffer Overflow

Vulnerability

    602Pro Lan Suite Web Admin

Affected

    602Pro Lan Suite Web Admin

Description

    Following is  based on  a Strumpf  Noir Society  Advisories.   Lan
    Suite  is  an  cost-effective  all-in-one  application   providing
    connection  sharing,  email  and  fax  services  for networks.  It
    offers remote  administration capabilities  through an  integrated
    HTTP-server.    602Pro  Lan   Suite  can   be  found   at   vendor
    Software602's website.

    The  remote   administration  component   (webprox.dll)  of   this
    application  is  subject  to  a  buffer  overflow attack through a
    lengthy GET command.  If this request contains 1059 bytes or  more
    it will  overflow a  buffer and  allow the  execution of arbitrary
    code.

Solution

    Vendor was contacted  and has verified  the problem.   A new build
    (2000.0.1.33)  has  been  released  through Software602's website.
    602Pro Lan Suite 2000a build 2000.0.1.32 and earlier versions  can
    be expected to be vulnerable.  Users are encouraged to obtain  the
    new version asap.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.