Computer Associates iTechnology iGateway Service Content-Length Heap Overflow Vulnerability

The iGateway component of various Computer Associates products allows remote attackers to execute arbitrary code by exploiting a heap-overflow vulnerability.

The attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service.

A successful attack can corrupt process memory and result in the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that this issue triggers only a denial-of-service condition on other platforms.

Products containing iGateway 4.0.051230 are vulnerable to this issue.
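
The advisory does not show iGateway's parsing code. The following is an added example, not code from the advisory or the vendor, of how an HTTP service can validate the two attacker-controlled sizes named above before any buffer is sized from them. The limits MAX_BODY_LEN and MAX_URI_LEN and all function names are assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>

/* Assumed limits for this example; not values taken from the advisory. */
#define MAX_BODY_LEN 1048576u   /* 1 MiB cap on the request body */
#define MAX_URI_LEN  2048u      /* cap on the request URI */

enum cl_status { CL_OK = 0, CL_MALFORMED = -1, CL_TOO_LARGE = -2 };

/* Parse a Content-Length value as unsigned decimal digits only.
 * A leading '-' or '+' is rejected instead of being handed to a signed
 * conversion, so a negative value never reaches an allocation or copy size. */
enum cl_status parse_content_length(const char *value, size_t *out)
{
    size_t n = 0;
    const char *p = value;

    while (*p == ' ' || *p == '\t') p++;            /* optional leading whitespace */
    if (!isdigit((unsigned char)*p)) return CL_MALFORMED;

    for (; isdigit((unsigned char)*p); p++) {
        n = n * 10 + (size_t)(*p - '0');
        if (n > MAX_BODY_LEN) return CL_TOO_LARGE;  /* stop long before n can wrap */
    }
    while (*p == ' ' || *p == '\t') p++;            /* optional trailing whitespace */
    if (*p != '\0') return CL_MALFORMED;            /* trailing junk such as "10, 20" */

    *out = n;
    return CL_OK;
}

/* Accept a request only if the URI length and the body length are in bounds.
 * Returns 1 when both checks pass, 0 otherwise. */
int request_sizes_ok(const char *uri, const char *content_length, size_t *body_len)
{
    size_t i;

    for (i = 0; uri[i] != '\0'; i++)
        if (i >= MAX_URI_LEN) return 0;             /* URI longer than the cap */

    return parse_content_length(content_length, body_len) == CL_OK;
}
```

Requests that fail either check should be answered with a 4xx status and logged, since a negative Content-Length does not occur in legitimate traffic.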

Copyright 2010, SecurityFocus