CVE-2004-0193 - Unspecified vulnerability in ISS products

Publication: 2004-03-15

Summary

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

Risk level: High (CVSS 7.5)

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • ISS BlackICE Agent Server 3.6eca
  • ISS Proventia M Series XPU 1.30
  • ISS BlackICE Server Protection 3.6cbz
  • ISS RealSecure Desktop 3.6eca
  • ISS RealSecure Desktop 3.6ecf
  • ISS RealSecure Desktop 7.0ebg
  • ISS RealSecure Desktop 7.0epk
  • ISS BlackICE PC Protection 3.6cbd
  • ISS RealSecure Sentry 3.6ecf
  • ISS RealSecure Network 7.0
  • ISS RealSecure Server Sensor 7.0
  • ISS Proventia A Series XPU 20.15
  • ISS Proventia G Series XPU 22.3
  • ISS RealSecure Guard 3.6ecb