• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TalentSoft Web+ Webpsvc Buffer Overflow Vulnerability

TalentSoft Web+ is an environment for developing web-based client/server applications. It will run on Microsoft Windows 9x/NT/2000 operating systems.

The Web+ executable does not perform sufficient bounds checking on strings that are passed to services. In particular, an excessively long URL may cause stack variables to be overwritten, potentially resulting in the execution of attacker-supplied instructions. At the very least, this may cause a denial of service to the Web+ server.

Since the services in question run with SYSTEM privileges, successful exploitation resulting in arbitrary code execution will enable a remote attacker to fully compromise a host running the vulnerable software.