Signature Detail

APP: eSignal Buffer Overflow Exploit

This signature detects attempts to exploit a known vulnerability against eSignal, a real-time market data and support tool. Attackers can send maliciously crafted data in a STREAMQUOTE or SNAPQUOTE message, to overflow the buffer and execute code remotely.

Extended Description

It has been reported that eSignal is prone to a remote buffer overflow vulnerability. This issue is due to the application failing to verify the size of user input before storing it in a finite buffer. This issue may be leveraged by an attacker to modify process memory. This may cause a denial of service condition in the process as a result of the memory manipulation. The attacker may further leverage this issue in order to execute arbitrary code; this code would be executed in the security context of the user running the affected process. This issue is reported to affect versions 7.5 and 7.6 of the software. It is quite likely however that earlier versions are affected as well.

Affected Products

• eSignal 7.5.0
• eSignal 7.6.0

References

• BugTraq: 9978
• CVE: CVE-2004-1868
• URL: http://www.esignal.com/download/default.asp
• URL: http://viziblesoft.com/insect/advisories/vz012004-esignal7.txt