Document Title:
===============
WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability

References (Source):
====================
http://ift.tt/1BCkBek

Release Date:
=============
2015-06-01

Vulnerability Laboratory ID (VL-ID):
====================================
1500

Common Vulnerability Scoring System:
====================================
6.8

Product & Service Introduction:
===============================
Unlike a typical FTP client, WebDrive allows you to open and edit server-based files without the additional step of downloading the file. Using a simple wizard, you assign a network drive letter to the FTP Server. WebDrive supports additional protocols such as WebDAV, SFTP and Amazon S3 and maps a drive letter to each of these servers. You can map unique drive letters to multiple servers. Download the full-function 20-day trial of WebDrive and make file management on remote servers easier and more efficient!

(Copy of the Vendor Homepage: http://ift.tt/1iU94Sw )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a unicode buffer overflow vulnerability in the official WebDrive v12.2 (Build 4172) 32 bit software.

Vulnerability Disclosure Timeline:
==================================
2015-06-01: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
South River Technologies
Product: WebDrive - Software 12.2 (Build 4172) 32 bit

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
A buffer overflow software vulnerability has been discovered in the official WebDrive v12.2 (Build 4172) 32 bit software. The vulnerability allows unicode strings to be supplied to basic code inputs from a system user account in order to compromise the software process or system.

A failure to sanitize the URL/Address input results in a compromise of the software system process. Attackers are able to include large unicode strings to overwrite registers such as eip, ebp and others.

WebDrive connects to many types of web servers, as well as servers in the cloud. You can use WebDrive to access your files on all of the following server types and protocols: WebDAV