Multiple Vulnerabilities in WinRoute Pro
Two seperate issues with WinRoute Pro have been identified.
January 1, 2001
Reported January 2, 2001, by Peter Miller VERSIONS AFFECTED DESCRIPTIONTwo vulnerabilities have been discovered in WinRoute Pro 4.1. The first is a low-risk flaw that causes the software to not function if you've enabled memory write protection under Windows 2000. During the installation process, WinRoute Pro disables memory write protection, which leaves the system less stable and vulnerable to various security threats. The second vulnerability presents a medium security risk. By default, WinRoute Pro lets anyone use Windows NT domain credentials to access mailboxes. If you use POP3 to access mail, WinRoute Pro lets you send this information in clear text, which could lead to the compromise of your network. VENDOR RESPONSE Tiny Software http://www.tinysoftware.com has been notified and claims that there is no easy way to address the first issue. The company plans to address the second issue with its new version of software, expected release time of June 2001. The original advisories released by Peter Miller to the Win2KSecAdvice mailing list are available at: http://www.windowsitsecurity.com/go/win2ks-l.asp?A2=IND0101A&L=WIN2KSECADVICE&P=985http://www.windowsitsecurity.com/go/win2ks-l.asp?A2=IND0101A&L=WIN2KSECADVICE&P=877 CREDITDiscovered by Peter Miller |
About the Author
You May Also Like