Vulnerabilities > Interactivedata > Esignal > 10.6.2425

DATE CVE VULNERABILITY TITLE RISK
2011-09-16 CVE-2011-3494 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Interactivedata Esignal 10.6/10.6.2425
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow.
network
low complexity
interactivedata CWE-119
critical
 10.0
10