Internet threat level: 1
Home→Descriptions→SA37207
SafeNet SoftRemote Policy File Buffer Overflow Vulnerability
| Secunia ID | |
| CVE-ID | |
| Release Date |
04 Nov 2009 |
| Last Change |
09 Nov 2009 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
SafeNet SoftRemote 10.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Brett Gervasoni has reported a vulnerability in SafeNet SoftRemote, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in spdedit.exe when processing policy files (".spd"). This can be exploited to cause a stack-based buffer overflow via a policy file containing overly long "TREENAME" or "GROUPNAME" fields. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into importing a malicious ".spd" file. The vulnerability is reported in version 10.8.5 build 2 and version 10.3.5 build 6. Other versions may also be affected. |
| Solution |
Reportedly fixed in version 10.8.9. |
| Reported by |
Brett Gervasoni, SOS Labs |
| Original Advisory |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.