MediaHouse Server Live Stats Runs Arbitrary Code
An unchecked buffer can allow arbitrary code to run on the server to perform actions such as spawning a command shell.
ITPro Today Staff
August 14, 2000
1 Min Read
Reported August 14, 2000 by DeepZone Digital Security
VERSIONS EFFECTED
MediaHouse Statistics Server Live Stats
DESCRIPTION
An unchecked buffer exists within the code the process Web-based GET commands, where the buffer can be overflowed to cause the execution of arbitrary code on the server.
By sending a string of approximately 2033 bytes in length the buffer will overflow.
VENDOR RESPONSE
MediaHouse has created a 5.03 patch that corrects for the Statistics Server (LiveStats) 5.02x memory overflow bug.
CREDIT
Discovered by DeepZone Digital Security
About the Author
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
You May Also Like