module
7-Technologies IGSS IGSSdataServer.exe Stack Buffer Overflow
| Disclosed | Created |
|---|---|
| Mar 24, 2011 | May 30, 2018 |
Disclosed
Mar 24, 2011
Created
May 30, 2018
Description
This module exploits a vulnerability in the igssdataserver.exe component of 7-Technologies
IGSS up to version 9.00.00 b11063. While processing a ListAll command, the application
fails to do proper bounds checking before copying data into a small buffer on the stack.
This causes a buffer overflow and allows to overwrite a structured exception handling record
on the stack, allowing for unauthenticated remote code execution. Also, after the payload
exits, IGSSdataServer.exe should automatically recover.
IGSS up to version 9.00.00 b11063. While processing a ListAll command, the application
fails to do proper bounds checking before copying data into a small buffer on the stack.
This causes a buffer overflow and allows to overwrite a structured exception handling record
on the stack, allowing for unauthenticated remote code execution. Also, after the payload
exits, IGSSdataServer.exe should automatically recover.
Authors
Luigi Auriemma
Lincoln
corelanc0d3r peter.ve@corelan.be
sinn3r sinn3r@metasploit.com
Lincoln
corelanc0d3r peter.ve@corelan.be
sinn3r sinn3r@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.