Published: 2002-07-26 00:00:00
Revised: 2016-10-17 22:20:19

[Original] Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to the webplus.exe program, which triggers the overflow in webpsvc.exe.

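[CNNVD] TalentSoft Web+ Webpsvc Buffer Overflow Vulnerability (CNNVD-200207-116)

        webpsvc.exe in Talentsoft Web+ 5.0 and earlier contains a buffer overflow vulnerability. A remote attacker can execute arbitrary code via an overly long argument to the webplus.exe program, which triggers the overflow in webplus.exe.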

- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  BUGTRAQ  20020305 Buffer Overrun in Talentsoft's Web+ (#NISR01032002A)
(VENDOR_ADVISORY)  XF  webplus-webpsvc-bo(8361)

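- Vulnerability Information

TalentSoft Web+ Webpsvc Buffer Overflow Vulnerability
Critical Buffer overflow
2002-07-26 00:00:00 2005-10-20 00:00:00
        webpsvc.exe in Talentsoft Web+ 5.0 and earlier contains a buffer overflow vulnerability. A remote attacker can execute arbitrary code via an overly long argument to the webplus.exe program, which triggers the overflow in webplus.exe.

- Advisories and Patches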

        Patches are available.
        TalentSoft Web+ Server 4.6
        TalentSoft Web+ Server 5.0

- Vulnerability Information

talentsoft Web+ webpsvc.exe Long URL Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability Description

A remote overflow exists in Web+. The 'webpsvc.exe' service fails to perform proper bounds checking resulting in a buffer overflow. By sending an overly long URL request to the 'webplus.exe' script, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2002-03-01 2002-02-12
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Webplus has released a patch to address this vulnerability.

- Vulnerability Information

TalentSoft Web+ Webpsvc Buffer Overflow Vulnerability
Boundary Condition Error 4233
Yes No
2002-03-01 12:00:00 2009-07-11 10:56:00
This issue was reported in an NGSSoftware Insight Security Research Advisory.

- Affected Software Versions

TalentSoft Web+ Server 5.0
- Linux libc 5x
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
TalentSoft Web+ Server 4.6
- FreeBSD FreeBSD 3.x
- FreeBSD FreeBSD 2.x
- Linux libc 5x
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- RedHat Linux 5.x
- RedHat Linux 4.x
- Sun Solaris x86
- Sun Solaris 8_sparc

- Vulnerability Discussion

TalentSoft Web+ is an environment for developing web-based client/server applications. It will run on Microsoft Windows 9x/NT/2000 operating systems.

The Web+ executable does not perform sufficient bounds checking on strings that are passed to services. In particular, an excessively long URL may cause stack variables to be overwritten, potentially resulting in the execution of attacker-supplied instructions. At the very least, this may cause a denial of service to the Web+ server.

Since the services in question run with SYSTEM privileges, successful exploitation resulting in arbitrary code execution will enable a remote attacker to fully compromise a host running the vulnerable software.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue.

- Solution

Patches are available.

TalentSoft Web+ Server 4.6

TalentSoft Web+ Server 5.0
