Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-3494 | First vendor Publication | 2011-09-16 |
Vendor | Cve | Last vendor Modification | 2012-06-20 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3494 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
SAINT Exploits
Description | Link |
---|---|
eSignal WinSig.exe long StyleTemplate buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2011-09-16 | Name : eSignal Multiple Vulnerabilities File : nvt/gb_esignal_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75457 | eSignal WinSig.exe <FaceName> Tag Time and Sales File Handling Overflow |
75456 | eSignal WinSig.exe <StyleTemplate> File Handling Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Interactive Data eSignal stack buffer overflow attempt RuleID : 36661 - Revision : 4 - Type : FILE-OTHER |
2016-03-14 | Interactive Data eSignal stack buffer overflow attempt RuleID : 36660 - Revision : 3 - Type : FILE-OTHER |
2016-03-14 | Interactive Data eSignal stack buffer overflow attempt RuleID : 36659 - Revision : 3 - Type : FILE-OTHER |
2016-03-14 | Interactive Data eSignal stack buffer overflow attempt RuleID : 36658 - Revision : 3 - Type : FILE-OTHER |
2014-03-06 | Interactive Data eSignal stack buffer overflow attempt RuleID : 29527 - Revision : 5 - Type : FILE-OTHER |
2014-03-06 | Interactive Data eSignal stack buffer overflow attempt RuleID : 29526 - Revision : 4 - Type : FILE-OTHER |
2014-01-11 | Interactive Data eSignal stack buffer overflow attempt RuleID : 28907 - Revision : 5 - Type : FILE-OTHER |
2014-01-11 | Interactive Data eSignal stack buffer overflow attempt RuleID : 28906 - Revision : 5 - Type : FILE-OTHER |
2014-01-11 | Interactive Data eSignal stack buffer overflow attempt RuleID : 28905 - Revision : 5 - Type : FILE-OTHER |
2014-01-11 | Interactive Data eSignal stack buffer overflow attempt RuleID : 28904 - Revision : 5 - Type : FILE-OTHER |
2014-01-11 | Interactive Data eSignal stack buffer overflow attempt RuleID : 28903 - Revision : 5 - Type : FILE-OTHER |
2014-01-11 | Interactive Data eSignal stack buffer overflow attempt RuleID : 28902 - Revision : 4 - Type : FILE-OTHER |
2014-01-10 | Interactive Data eSignal stack buffer overflow attempt RuleID : 20843 - Revision : 14 - Type : FILE-OTHER |
2014-01-10 | Interactive Data eSignal stack buffer overflow attempt RuleID : 20842 - Revision : 13 - Type : FILE-OTHER |
Sources (Detail)
Source | Url |
---|---|
MISC | http://aluigi.altervista.org/adv/esignal_1-adv.txt |
SECUNIA | http://secunia.com/advisories/45966 |
Alert History
Date | Informations |
---|---|
2021-05-04 12:17:34 |
|
2021-04-22 01:20:53 |
|
2020-05-23 13:16:58 |
|
2020-05-23 01:46:40 |
|
2020-05-23 00:31:07 |
|
2016-04-26 21:04:28 |
|
2014-03-06 21:20:46 |
|
2014-01-19 21:28:09 |
|
2013-05-10 23:07:29 |
|