Release DateJul 22, 2011 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a Buffer Overflow vulnerability in Sybase M-Business Anywhere.The vulnerability is due to a boundary error while "agSoap.exe" processes closing tags for "XML" entities in a "SOAP" request. It allows a remote attacker to execute arbitrary code by sending a crafted "XML" to the target service. |
Affected ProductsSybase M-Business Anywhere 6.x prior to 6.7 ESD# 2Sybase M-Business Anywhere 7.x prior to 7.0 ESD# 6 |
Recommended ActionsRefer to the vendor's website for a suggested workaround.http://www.sybase.com/detail?id=1093029 |
Coverage IPS
VCM |
Reference/shttp://www.securityfocus.com/bid/47775/ (BugTraq)http://www.zerodayinitiative.com/advisories/ZDI-11-154/ |
