Vulnerabilities > CVE-2002-1441 - Unspecified vulnerability in Tomahawk Technologies Steelarrow 4.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0085.html
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0085.html
- http://online.securityfocus.com/archive/1/288013
- http://online.securityfocus.com/archive/1/288013
- http://www.iss.net/security_center/static/9888.php
- http://www.iss.net/security_center/static/9888.php
- http://www.iss.net/security_center/static/9889.php
- http://www.iss.net/security_center/static/9889.php
- http://www.iss.net/security_center/static/9890.php
- http://www.iss.net/security_center/static/9890.php
- http://www.nextgenss.com/advisories/steel-arrow-bo.txt
- http://www.nextgenss.com/advisories/steel-arrow-bo.txt
- http://www.nextgenss.com/vna/tom-saro.txt
- http://www.nextgenss.com/vna/tom-saro.txt
- http://www.securityfocus.com/bid/4860
- http://www.securityfocus.com/bid/4860
- http://www.securityfocus.com/bid/5494
- http://www.securityfocus.com/bid/5494
- http://www.securityfocus.com/bid/5495
- http://www.securityfocus.com/bid/5495
- http://www.securityfocus.com/bid/5496
- http://www.securityfocus.com/bid/5496
- http://www.steelarrow.com/
- http://www.steelarrow.com/