Multiple Vulnerabilities in WinRoute Pro

Two seperate issues with WinRoute Pro have been identified.

Steve Manzuik

January 1, 2001

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Reported January 2, 2001, by Peter Miller

VERSIONS AFFECTED

DESCRIPTIONTwo vulnerabilities have been discovered in WinRoute Pro 4.1. The first is a low-risk flaw that causes the software to not function if you've enabled memory write protection under Windows 2000. During the installation process, WinRoute Pro disables memory write protection, which leaves the system less stable and vulnerable to various security threats.

The second vulnerability presents a medium security risk. By default, WinRoute Pro lets anyone use Windows NT domain credentials to access mailboxes. If you use POP3 to access mail, WinRoute Pro lets you send this information in clear text, which could lead to the compromise of your network.

VENDOR RESPONSE

Tiny Software http://www.tinysoftware.com has been notified and claims that there is no easy way to address the first issue. The company plans to address the second issue with its new version of software, expected release time of June 2001.

The original advisories released by Peter Miller to the Win2KSecAdvice mailing list are available at: 

http://www.windowsitsecurity.com/go/win2ks-l.asp?A2=IND0101A&L=WIN2KSECADVICE&P=985http://www.windowsitsecurity.com/go/win2ks-l.asp?A2=IND0101A&L=WIN2KSECADVICE&P=877

CREDITDiscovered by Peter Miller

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like