ValiCert Enterprise Validation Authority forms.exe extension Buffer Overflow Vulnerability

ValiCert Enterprise Validation Authority includes an Administration Server, which can be accessed through a web interface. CGI functionality is provided by the script forms.exe. This script is available on port 13333 in the default installation.

One of the functions provided by this script is the ability to add new extensions which are processed by custom policies. Passing the extensions function an unusually long string will overflow its buffer. This could overwrite the stack, and possibly lead to execution of arbitrary code.


Privacy Statement
Copyright 2010, SecurityFocus