AGEphone Buffer Overflow in 'sipd.dll' Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1016577 |
|
SecurityTracker URL: http://securitytracker.com/id/1016577
|
|
CVE Reference:
CVE-2006-4029
(Links to External Site)
|
Updated: Jun 13 2008
|
Original Entry Date: Jul 26 2006
|
Impact:
Execution of arbitrary code via network, User access via network
|
|
Version(s): Tested on 1.24 and 1.38.1
|
Description:
Tan Chew Keong reported a vulnerability in AGEphone. A remote user can execute arbitrary code on the target system.
A remote user can send a specially crafted SIP packet via UDP to trigger a buffer overflow in 'sipd.dll' and execute arbitrary code on the target system. The code will run with the privileges of the target service.
The original report is available at:
http://vuln.sg/agephone1381-en.html
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.ageet.com/us/agephone/index.htm (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 25 Jul 2006 10:46:48 +0800
Subject: [vuln.sg] AGEphone
|
[vuln.sg] Vulnerability Research Advisory
AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow
by Tan Chew Keong
Release Date: 2006-07-25
Summary
-------
A vulnerability has been found in AGEphone. When exploited, the
vulnerability allows execution of arbitrary code with privileges of the
AGEphone user via a single specially-crafted UDP SIP packet.
Tested Versions
---------------
AGEphone for Windows version 1.24 and 1.38.1
Details
-------
http://vuln.sg/agephone1381-en.html
|
|
