TUCoPS :: Web :: Servers :: web5184.htm

Talentsoft Web+ remote buffer overflow
14th Mar 2002 [SBWID-5184]
COMMAND

	Talentsoft Web+ remote buffer overflow

SYSTEMS AFFECTED

	Web+ 4.6/5.0

PROBLEM

	David   Litchfield   of   NGSSoftware    Insight    Security    Research
	[http://www.ngssoftware.com] posted in advisory [#NISR13032002] :
	

	Web Markup Language (wml) scripts files are  created  that  contain  the
	application logic. These are requested by a  web  client  from  the  web
	server using either an ISAPI filter (webplus.dll) or  a  CGI  executable
	(webplus.exe). These are known as Web+ clients. The Web+  client  passes
	this request to the Web+ plus server for dispatch.
	

	When a request is made for an

	overly long wml file an unchecked buffer is overflowed and the saved return

	address on the stack is overwritten. 

	

SOLUTION

	Get patch from :
	

	http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH