Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-15-091
HistoryMar 12, 2015 - 12:00 a.m.

MICROSYS PROMOTIC Stack Buffer Overflow Remote Code Execution Vulnerability

2015-03-1200:00:00
Anonymous
www.zerodayinitiative.com
12

EPSS

0.149

Percentile

95.8%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MICROSYS PROMOTIC. Authentication is not required to exploit this vulnerability. The program blindly copies attacker-supplied data into a fixed-sized buffer without validating the length of this data resulting in a stack buffer overflow. The specific flaw exists within the PmBase64Decode function which ignores the passed-in length of the destination buffer. An attacker can exploit this condition to achieve code execution under the context of the process.

Related

cve 1
nvd 1
prion 1
checkpoint_advisories 1
ics 1
cvelist 1
cve
cve
CVE-2014-9205
2015-03-29 10:59:02
nvd
nvd
CVE-2014-9205
2015-03-29 10:59:02
prion
prion
Stack overflow
2015-03-29 10:59:00
checkpoint_advisories
checkpoint_advisories
Microsys Promotic PmBase64Decode Buffer Overflow (CVE-2014-9205)
2015-04-13 00:00:00
ics
ics
MICROSYS PROMOTIC Stack Buffer Overflow
2018-08-27 12:00:00
cvelist
cvelist
CVE-2014-9205
2015-03-29 10:00:00

EPSS

0.149

Percentile

95.8%

JSON
Related for ZDI-15-091
cve1nvd1prion1checkpoint_advisories1ics1cvelist1