CVE-2011-3494

Name of the Vulnerable Software and Affected Versions eSignal versions 10.6.2425 and earlier

Description The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long StyleTemplate element in a QUO, SUM, or POR file, which triggers a stack-based buffer overflow, or a long Font->FaceName field, which triggers a heap-based buffer overflow.

Recommendations For versions 10.6.2425 and earlier, update to a version later than 10.6.2425 to resolve the issue. As a temporary workaround, consider restricting the use of long StyleTemplate elements and Font->FaceName fields in QUO, SUM, or POR files to minimize the risk of exploitation.