CVE-2009-0693

Name of the Vulnerable Software and Affected Versions Wyse Device Manager versions 4.7.x

Description The issue concerns multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved via the User-Agent HTTP header to hserver.dll or through unspecified input to hagent.exe.

Recommendations For Wyse Device Manager versions 4.7.x, consider restricting access to hserver.dll and hagent.exe to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the User-Agent HTTP header in requests to hserver.dll. At the moment, there is no information about a newer version that contains a fix for this vulnerability.