Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Web+ Buffer Overflow

Web+ Buffer Overflow

by Nikola Strahija on March 5th, 2002 Name: Web+ Buffer Overflow Systems Affected: IIS4/5 on Windows NT/2000 Severity: High Risk Category: Buffer Overrun / Privilage Escalation Vendor URL: http://www.talentsoft.com Author: Mark Litchfield ([email protected]) Date: 1st March 2002 Advisory number: #NISR05032002A Issue: Attackers can exploit a buffer overrun vulnerability to execute arbitrary code as SYSTEM.


Description
***********
Talentsoft's Web+ v5.0 is a powerful and comprehensive development
environment for use in creating web-based client/server applications.

Details
*******
During installation webplus.exe is copied into the cgi-bin or scripts
directory and is utilised by many of TalentSoft's products such as Web+
Shop, Web+ Mall and Web+ Enterprise. By supply an overly long character
string to webplus.exe which is then passed to a system service -
webpsvc.exe. It is this service that overflows, overwriting the saved
return
address on the stack. Because Webpsvc by default is started as a system
service, any arbitrary code executed on the server would run in the
security context of the SYSTEM account.


Fix Information
***************
NGSSoftware alerted TalentSoft to these problems on 12th February 2002.
Talentsoft has created a patch for this issue and NGSSoftware advises
all Web+ customers to apply this as soon as is possible.

Please see http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943 for
more details.

A check for this issue has been added to Typhon II, of which more
information is available from the
NGSSoftware website, http://www.ngssoftware.com.

Further Information
*******************

For further information about the scope and effects of buffer overflows,
please see

http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf




Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »