31 Jan 2013
13 Feb 2013
Schneider Electric Accutech Manager 2.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
A vulnerability has been reported in Schneider Electric Accutech Manager, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within RFManagerService.exe when processing HTTP requests and can be exploited to cause a heap-based buffer overflow by sending a specially crafted GET request with more than 260 bytes to TCP port 2537.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions 2.00.1 and prior.
No official solution is currently available. A fix is scheduled to be released on February 28th, 2013.
The vendor credits Aaron Portnoy, Exodus Intelligence.