Release DateSep 11, 2006 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit the buffer-overflow vulnerability in MiniShare application.MiniShare is a free web-server software for Microsoft Windows that can be used for sharing files using browser. A buffer-overflow vulnerability is reported in it that may allow an attacker to execute arbitrary code on the vulnerable system. This is due to the application's failure to boundary check the user's HTTP GET request before using it. An attacker may exploit this to cause a buffer overflow by sending a specially crafted request with overly long pathname. Successful exploitation can lead to execution of arbitrary code. |
Affected ProductsMiniShare Minimal HTTP Server 1.4.1 |
Recommended ActionsUpgrade to MiniShare 1.4.2 or later. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-6377 |
Reference/shttp://www.securityfocus.com/bid/11620 (BugTraq) |
