BigAnt Server SCH and DUPF Stack Overflow

Added: 02/22/2013
CVE: CVE-2012-6275
BID: 57214
OSVDB: 89344

Background

BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more.

Problem

BigAnt Server versions 2.97 SP7 and prior are vulnerable to a stack overflow condition due to improper validation of user supplied username and filename fields when handling SCH and DUPF commands.

Resolution

No patch is available from the vendor at this time.

References

http://www.kb.cert.org/vuls/id/990652

Limitations

This exploit has been tested against BigAntSoft BigAnt Server 2.97 SP7 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows

Back to exploit index