OSVDB ID: 86784

Title: Ezhometech EzServer memcpy() Function Crafted AMF Request Parsing Remote Memory Corruption DoS

Info

Disclosure

Oct 16, 2012

Discovery

Unknown

Dates

Exploit

Oct 16, 2012

Solution

Unknown

Description

A memory corruption flaw exists in Ezhometech EzServer. The issue is triggered when memcpy() function fails to sanitize user-supplied input during the parsing of a specially crafted AMF request, which will result in memory corruption. This may allow a remote attacker to cause a denial of service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: No Vendor Response

Solution

OSVDB is not aware of a confirmed solution for this vulnerability. It is possible, though not confirmed, that 7.1 may potentially address this vulnerability.

Products

EZhometech, Inc.

EZserver

7.0

References

CVE ID: 2012-4750 (see also: NVD)
Exploit Database: 22006
Vendor URL: http://www.ezhometech.com/ezserver.htm/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86784