TVMOBiLi HTTP Request Processing Two Buffer Overflow Vulnerabilities
Release Date : 2012-12-07
Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch
Software: TVMOBiLi 2.x
Two vulnerabilities have been discovered in TVMOBiLi, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1) A boundary error in the "CHTTPServerTransaction::LoadResource()" method (HttpUtils.dll) when processing a web request can be exploited via a specially crafted URL to cause a limited stack-based buffer overflow, which results in a crash only.
2) A boundary error in the "CHTTPServerTransaction::LoadFile()" method (HttpUtils.dll) when processing a web request can be exploited to cause a heap-based buffer overflow via a specially crafted URL.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
The vulnerabilities are confirmed in version 2.1.3557. Prior versions may also be affected.
Update to version 2.1.3974.
Provided and/or discovered by:
1) High-Tech Bridge
2) Additional information provided by Secunia Research.