TIBCO SmartSockets Request Heap Buffer Overflow Vulnerability
TIBCO SmartSockets is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will likely crash the affected application, denying service to legitimate users.
The following components are affected:
TIBCO RTworks Server (rtserver)
TIBCO RTworks Data Archive Process (rtarchive)
TIBCO RTworks Data Playback Process (rtplayback)
TIBCO RTworks Data Acquisi- TIon Process (rtdaq)
TIBCO RTworks Human Computer Interface (rthci)
TIBCO RTworks Inference Engine (r- TIe)
TIBCO RTworks libraries (r- TIpc, rtu- TIl)