Leon Juranic has discovered some vulnerabilities in eIQNetworks Enterprise Security Analyzer, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
The vulnerabilities are caused due to errors within the MainEngine.exe process when processing commands. These can be exploited to corrupt memory or crash the process by sending certain commands with overly long arguments to port 10616/TCP.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are confirmed in versions 2.5.6 and 2.5.9. Other versions may also be affected.
Solution: Use in a trusted network environment only.
Provided and/or discovered by: Leon Juranic, INFIGO IS.
Original Advisory: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2007-04-05
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org