The local buffer "SubKey" using strcat() function without any boundaryĬhecking. "ProductName" parameter is passed into the szProductName, copied into Which is used to create the uninstall registry key. The first argument (szProductName) of this function is the product name 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\',0 data:04F1EA10 char szUninstallRegistryKey
text:04F157C5 push offset szUninstallRegistryKey *szProductName,LPCSTR lpValueName,LPBYTE lpData,LPDWORD lpcbData) Happens in a function of JuniperSetupDLL.dll. ProductName parameter as follows, the stack based buffer overflow The vulnerability exists in JuniperSetupDLL.dll which is loaded from Handling a parameter of ActiveX control that will allow a remoteĪttacker to reliably overwrite the stack with arbitrary data and execute There is an exploitable buffer overflow in the JuniperSetup.ocx ActiveXĬontrol is automatically loaded throgh the web interface of Juniper Juniper Networks SSL-VPN Client Buffer OverflowĮEye Digital Security has discovered a critical vulnerability in Juniper Subject: Juniper Networks SSL-VPN Client Buffer Overflow Underlying OS: Windows (NT), Windows (2000), Windows (2003), Windows (XP) The vendor has issued the following fixed versions:
Yuji Ukai from eEye Digital Security discovered this vulnerability.Ī remote user can execute arbitrary code on the target system. The vendor was notified on February 27, 2006. The 'JuniperSetup.ocx' ActiveX control contains a buffer overflow in 'JuniperSetupDLL.dll' in the processing of the 'ProductName' parameter.Ī remote user can create specially crafted HTML that, when loaded by the target user, will trigger a stack overflow and execute arbitrary code on the target user's system. A remote user can cause arbitrary code to be executed on the target user's system. Impact: Execution of arbitrary code via network, User access via networkĪ vulnerability was reported in the Juniper NetScreen Instant Virtual Extranet (IVE) client. Juniper NetScreen Instant Virtual Extranet Buffer Overflow in 'JuniperSetup.ocx' ActiveX Control Lets Remote Users Execute Arbitrary CodeĬVE Reference: CVE-2006-2086 (Links to External Site) Pulse Connect Secure (formerly Juniper Pulse Secure) Home | View Topics | Search | Contact Us | Juniper NetScreen Instant Virtual Extranet Buffer Overflow in 'JuniperSetup.ocx' ActiveX Control Lets Remote Users Execute Arbitrary Code - SecurityTracker
0 kommentar(er)
