Multiple Vendor XFERWAN.EXE Filename Remote Buffer Overflow Vulnerability

Multiple Vendor XFERWAN.EXE Filename Remote Buffer Overflow Vulnerability

Multiple vendor products are prone to a remote buffer-overflow vulnerability in 'XFERWAN.EXE'.

The vulnerability arises in the service when handling logging requests. Specifically, a long filename can trigger an overflow condition that will corrupt memory.

A remote attacker may trigger a denial-of-service condition or may execute arbitrary code with SYSTEM privileges. This may facilitate a complete compromise of affected systems.

The following versions contain the affected executable and are considered vulnerable:

Centennial Discovery 2006 Feature Pack 1
Symantec Discovery 6.5
Numara Asset Manager 8.0

Earlier versions of each application may be affected as well.