CVE-2006-5571

Name of the Vulnerable Software and Affected Versions: CruiseWorks versions 1.09c through 1.09d

Description: The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by sending a long string in the doc parameter to the /scripts/cruise/cws.exe endpoint.

Recommendations: For CruiseWorks versions 1.09c and 1.09d, consider restricting access to the /scripts/cruise/cws.exe endpoint until a patch is available. As a temporary workaround, avoid using long strings in the doc parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.