|
|
CVE Reference: CVE-2006-4133 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-4133 |
|
|
Description: Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/28334 ST 1016675 1017534 SREASON http://securityreason.com/securityalert/1386 SAID Secunia Advisory: SA21448 MISC http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf CERT-VN 259540 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/472889/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/457286/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/442840/100/0/threaded BID 19470 |
|
| Return to the previous page. |
