Talentsoft Web+ contains buffer overflow in "webpsvc.exe"

Overview

Talentsoft’s Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+.

Description

Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named “webpsvc.exe” contains a buffer overflow vulnerability. This component is used by the Web+ CGI program “webplus.exe,” which is installed by default in the cgi-bin directory when Web+ is used to build a web site.

---

Impact

By requesting a specially crafted URI from a site running Web+, an attacker can execute arbitrary code with privileges of the user running webpsvc.exe, typically the SYSTEM user.

---

Solution

Apply a patch from your vendor

See the following document for more details:

<http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943>

---

Vendor Information

159907

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Talentsoft Unknown

Updated: April 17, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23159907 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943&gt;
• <http://www.securityfocus.com/bid/4233&gt;

Acknowledgements

Thanks to Mark Litchfield for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs:	CVE-2002-0449
Severity Metric:	4.56 Date Public: