Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote Vulnerabilities

An attacker can exploit the cross-site scripting issues by enticing an unsuspecting user to follow a malicious URI.

DSquare Security has developed a working commercial exploit for its D2 Exploitation Pack product. This exploit is not otherwise publicly available or known to be circulating in the wild.

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following proof-of-concept URI demonstrates one of the buffer-overflow issues:

http://www.example.com/securecgi-bin/CSUserCGI.exe?Logout+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBB.xyzab.c.hacker.


 

Privacy Statement
Copyright 2010, SecurityFocus