ValiCert Enterprise Validation Authority forms.exe Certificate_File Buffer Overflow Vulnerability

ValiCert Enterprise Validation Authority includes an Administration Server, which can be accessed through a web interface. CGI functionality is provided by the script forms.exe. This script is available on port 13333 in the default installation.

One of the services allows the creation of a Microsoft-type certificate. If an unusually long string is passed into this function as the 'Certificate_Files' parameter, a string buffer will be overflowed. This could overwrite the stack, and possibly lead to execution of arbitrary code.


Privacy Statement
Copyright 2010, SecurityFocus