X00Pwn

**Name of the Vulnerable Software and Affected Versions** Easy File Sharing Web Server version 7.2 **Description** The software contains a local structured exception handling buffer overflow. Local attackers can execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh value and seh pointer to trigger the overflow when adding a new user account. The vulnerability exists when adding a new user account. **Recommendations** Apply a fix for Easy File Sharing Web Server version 7.2.

**Name of the Vulnerable Software and Affected Versions** IntraSrv version 1.0 **Description** A remote SEH buffer overflow issue has been found, which can be triggered by sending a crafted HTTP GET or HEAD request. This could potentially compromise the hosting system. **Recommendations** For IntraSrv version 1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.