Vulnerabilities > CVE-2008-5159 - Numeric Errors vulnerability in Clientsoftware Wincome MPD Total

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
clientsoftware
CWE-189
critical
exploit available
metasploit
NVD
Published: 2008-11-18
Updated: 2018-10-11

Summary

Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.

Vulnerable Configurations

Part Description Count
Application
Clientsoftware
1

Common Weakness Enumeration (CWE)

Exploit-Db

  • descriptionWinComLPD Total 3.0.2.623 Multiple Buffer Overflow Vulnerabilities and Authentication Bypass Vulnerability. CVE-2008-5159. Remote exploits for multiple platform
    idEDB-ID:31106
    last seen2016-02-03
    modified2008-02-04
    published2008-02-04
    reporterLuigi Auriemma
    sourcehttps://www.exploit-db.com/download/31106/
    titleWinComLPD Total 3.0.2.623 - Multiple Buffer Overflow Vulnerabilities and Authentication Bypass Vulnerability
  • descriptionWinComLPD. CVE-2008-5159. Remote exploit for windows platform
    idEDB-ID:16335
    last seen2016-02-01
    modified2010-06-22
    published2010-06-22
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16335/
    titleWinComLPD <= 3.0.2 - Buffer Overflow

Metasploit

descriptionThis module exploits a stack buffer overflow in WinComLPD <= 3.0.2. By sending an overly long authentication packet to the remote administration service, an attacker may be able to execute arbitrary code.
idMSF:EXPLOIT/WINDOWS/LPD/WINCOMLPD_ADMIN
last seen2020-06-12
modified2017-09-14
published2008-02-07
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5159
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/lpd/wincomlpd_admin.rb
titleWinComLPD Buffer Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83035/wincomlpd_admin.rb.txt
idPACKETSTORM:83035
last seen2016-12-05
published2009-11-26
reportermetasploit.com
sourcehttps://packetstormsecurity.com/files/83035/WinComLPD-3.0.2-Buffer-Overflow.html
titleWinComLPD <= 3.0.2 Buffer Overflow

References