1C: Arcadia Internet Store Denial of Service Vulnerability

1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility.

One of the components of this package, 'tradecli.dll', allows users to specify a template file, the contents of which will be output.

Remote attackers can request dos devices, such as 'con', 'com1', 'com2', etc. When 'tradecli.dll' attempts to open these files a denial of service may occur.


 

Privacy Statement
Copyright 2010, SecurityFocus