Vendor 4D Inc.1 Operating System Windows 98/NT 4.0/2000 Software Name WebServer 6.5.7 Vulnerability/ Impact A buffer overflow vulnerability exists due to insufficient bounds checking in the username/ password fields, which could let a remote malicious user execute arbitrary code. Testing conducted by the Security Community combined with analysis of vendorsupplied information , has shown that the alleged buffer overflow within ACD Systems' ACDSEE version 4.0 DOES NOT EXIST. Patches/Workarounds/ Alerts Upgrade to the latest version available at: Common Name WebServer Buffer Overflow Risk* High Attacks/ Scripts Bug discussed in newsgroups and websites.
ACD Systems, Inc.2
Multiple
ACDSee 4.0
**UPDATED POSTING**
No Risk
Bug discussed in newsgroups and websites. Proof of Concept exploit has been published.
1
iXsecurity Security Vulnerability Report, 20020404, May 3, 2002.
NIPC CyberNotes #2002-10
Page 1 of 27
05/20//2002
Vendor America OnLine3
Operating System Windows 95/98/ME/ NT 4.0/2000, XP, Apple MacOS 9.0
America OnLine4
Windows 95/98/ME/ NT 4.0/2000, XP
Software Name Instant Messenger 4.0, 4.1, 4.1.2010, 4.2, 4.2.1193, 4.3, 4.3.2229, 4.4-4.7, 4.7.2480, 4.8.2646, 4.8.2616 Instant Messenger 4.2-4.7, 4.7.2480, 4.8.2646, 4.8.2616
Vulnerability/ Impact A buffer overflow vulnerability exists due to the way malformed 'aim:AddBuddy' hyperlinks are handled, which could let a malicious user cause a Denial of Service.
Patches/Workarounds/ Alerts No workaround or patch available at time of publishing.
Common Name Instant Messenger AddBuddy Hyperlink Denial of Service
Risk* Low
Attacks/ Scripts Bug discussed in newsgroups and websites. There is no exploit code required.
A remote buffer overflow vulnerability exists due to the way 'AddExternalApp' requests are handled, which could let a remote malicious user obtain the same privileges of the user currently logged on.

上一页下一页