• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NCP Secure Client Multiple Vulnerabilities

NCP Secure Client is susceptible to multiple vulnerabilities.

The following issues have been identified:
- Firewall rules designed to allow only specific applications to access the network may be bypassed.
- Some applications are prone to local command-line-argument buffer-overflow vulnerabilities.
- The VPN client is susceptible to a remote denial-of-service vulnerability.
- The VPN client is susceptible to a local privilege-escalation vulnerability.

These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users.

NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected.