PT-2006-3201 · Banktown · Banktown Client Control

Gyu Tae

Publicado

2006-05-05

Atualizado

2018-10-18

CVE-2006-2233

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BankTown Client Control (aka BtCxCtl20Com) versions 1.4.2.51817 through 1.5.2.50209

Description The issue allows remote attackers to execute arbitrary code via a long string in the first argument to the SetBannerUrl function.

Recommendations For versions 1.4.2.51817 through 1.5.2.50209, consider restricting the length of the string passed to the SetBannerUrl function to prevent buffer overflow until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-2233

Produtos afetados

Banktown Client Control

PT-2006-3201 · Banktown · Banktown Client Control

CVE-2006-2233

Identificadores relacionados

Produtos afetados

Referências · 11