CVE-2002-1441 - Buffer Overflow vulnerability in Tomahawk Technologies Steelarrow 4.1
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0085.html
- http://online.securityfocus.com/archive/1/288013
- http://www.iss.net/security_center/static/9888.php
- http://www.iss.net/security_center/static/9889.php
- http://www.iss.net/security_center/static/9890.php
- http://www.nextgenss.com/advisories/steel-arrow-bo.txt
- http://www.nextgenss.com/vna/tom-saro.txt
- http://www.securityfocus.com/bid/4860
- http://www.securityfocus.com/bid/5494
- http://www.securityfocus.com/bid/5495
- http://www.securityfocus.com/bid/5496
- http://www.steelarrow.com/