Info

Disclosure

Aug 13, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in the 4tH compiler. The program fails to validate input to the InName and OutName strings in the Menu4tH function resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 3.4e-pre4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

HanSoft

4tH

3.3c

References

Mail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2004-08/0011.html
Vendor URL: http://www.xs4all.nl/~thebeez/4tH/foldtree.html

Credit

Hans Bezemer - hansoftbigfoot.com -

Direct URL: http://osvdb.org/36218