Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:DL:QUO-ESIGNAL-BOF

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Interactive Data eSignal Stack Buffer Overflow

Release Date

 2011/12/14

Update Number

 2047

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Interactive Data eSignal Stack Buffer Overflow


A stack buffer overflow vulnerability exists in Interactive Data eSignal. The vulnerability is due insufficient validation of string lengths when copying input into a fixed size stack buffer in certain file types. A remote attacker could exploit this vulnerability by enticing the user to open a maliciously crafted file. Successful exploitation would lead to execution of arbitrary code in the security context of the target user.

Extended Description

WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Affected Products

  • Interactivedata esignal 10.6
  • Interactivedata esignal 10.6.2425

References

  • CVE: CVE-2011-3494
  • URL: http://aluigi.altervista.org/adv/esignal_1-adv.txt

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out