Vulnerabilities > CVE-2008-5159 - Numeric Errors vulnerability in Clientsoftware Wincome MPD Total
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description WinComLPD Total 3.0.2.623 Multiple Buffer Overflow Vulnerabilities and Authentication Bypass Vulnerability. CVE-2008-5159. Remote exploits for multiple platform id EDB-ID:31106 last seen 2016-02-03 modified 2008-02-04 published 2008-02-04 reporter Luigi Auriemma source https://www.exploit-db.com/download/31106/ title WinComLPD Total 3.0.2.623 - Multiple Buffer Overflow Vulnerabilities and Authentication Bypass Vulnerability description WinComLPD. CVE-2008-5159. Remote exploit for windows platform id EDB-ID:16335 last seen 2016-02-01 modified 2010-06-22 published 2010-06-22 reporter metasploit source https://www.exploit-db.com/download/16335/ title WinComLPD <= 3.0.2 - Buffer Overflow
Metasploit
description | This module exploits a stack buffer overflow in WinComLPD <= 3.0.2. By sending an overly long authentication packet to the remote administration service, an attacker may be able to execute arbitrary code. |
id | MSF:EXPLOIT/WINDOWS/LPD/WINCOMLPD_ADMIN |
last seen | 2020-06-12 |
modified | 2017-09-14 |
published | 2008-02-07 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5159 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/lpd/wincomlpd_admin.rb |
title | WinComLPD Buffer Overflow |
Packetstorm
data source | https://packetstormsecurity.com/files/download/83035/wincomlpd_admin.rb.txt |
id | PACKETSTORM:83035 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | metasploit.com |
source | https://packetstormsecurity.com/files/83035/WinComLPD-3.0.2-Buffer-Overflow.html |
title | WinComLPD <= 3.0.2 Buffer Overflow |
References
- http://aluigi.org/adv/wincomalpd-adv.txt
- http://aluigi.org/poc/wincomalpd.zip
- http://secunia.com/advisories/28763
- http://securityreason.com/securityalert/4610
- http://www.securityfocus.com/archive/1/487507/100/200/threaded
- http://www.securityfocus.com/bid/27614
- http://www.vupen.com/english/advisories/2008/0410