Short Name |
HTTP:STC:DL:QUO-ESIGNAL-BOF |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Interactive Data eSignal Stack Buffer Overflow |
Release Date |
2011/12/14 |
Update Number |
2047 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
A stack buffer overflow vulnerability exists in Interactive Data eSignal. The vulnerability is due insufficient validation of string lengths when copying input into a fixed size stack buffer in certain file types. A remote attacker could exploit this vulnerability by enticing the user to open a maliciously crafted file. Successful exploitation would lead to execution of arbitrary code in the security context of the target user.
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.