ValiCert Enterprise Validation Authority forms.exe maxMsgLen Buffer Overflow Vulnerability

ValiCert Enterprise Validation Authority includes an Administration Server, which can be accessed through a web interface. CGI functionality is provided by the script forms.exe. This script is available on port 13333 in the default installation.

One of the services provided configures how the server responds to validation requests. If an unusually long string is passed to this function as the 'maxMsgLen' parameter, a string buffer overflows. This could overwrite the stack and possibly lead to execution of arbitrary code.
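The class of fix for this kind of flaw, as an added example that is not ValiCert's code: a CGI handler that checks the length of the 'maxMsgLen' value before copying it into a fixed buffer and accepts digits only. The function names, the query-string layout and the 10-digit limit are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#define MAXMSGLEN_DIGITS 10   /* assumed limit: enough for any 32-bit value */

/* Locate "name=" at the start of the query or right after '&'.
 * Returns a pointer to the value, or NULL if the parameter is absent. */
static const char *find_param(const char *query, const char *name)
{
    size_t nlen = strlen(name);
    const char *p = query;

    while (p != NULL && *p != '\0') {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=')
            return p + nlen + 1;
        p = strchr(p, '&');
        if (p != NULL)
            p++;
    }
    return NULL;
}

/* Hypothetical hardened handler: parse maxMsgLen from a CGI query string.
 * Returns 0 and stores the value on success, -1 on any malformed input. */
int parse_max_msg_len(const char *query, long *out)
{
    char buf[MAXMSGLEN_DIGITS + 1];
    const char *val = find_param(query, "maxMsgLen");
    size_t len;
    char *end;
    long n;

    if (val == NULL)
        return -1;
    len = strcspn(val, "&");              /* value ends at '&' or end of string */
    if (len == 0 || len > MAXMSGLEN_DIGITS)
        return -1;                        /* reject before copying, never truncate */
    memcpy(buf, val, len);
    buf[len] = '\0';
    if (strspn(buf, "0123456789") != len)
        return -1;                        /* digits only: no sign, spaces, or hex */
    errno = 0;
    n = strtol(buf, &end, 10);
    if (errno == ERANGE || *end != '\0' || n > INT_MAX)
        return -1;
    *out = n;
    return 0;
}
```

The length test runs before `memcpy`, so an oversized value is rejected without ever touching the stack buffer.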
