Cytel Studio CY3 File Processing Buffer Overflow

Added: 12/05/2011
BID: 49924
OSVDB: 75991


Cytel Inc. provides clinical trial design services and specialized statistical applications, primarily for the biotech and pharmaceutical research markets. StatXact is a statistical software package, based on the exact branch of statistics, used by statisticians and researchers in all fields of study for solving small-sample categorical and non-parametric data problems.


Cytel StatXact is vulnerable to a stack buffer overflow caused by improper bounds checking in Cytel Studio (CeCEDll.dll) when it processes .cy3 data files. A remote attacker who persuades a target user to open a specially crafted .cy3 file could overflow a stack buffer and execute arbitrary code on the user's system.


Contact the vendor and upgrade or apply a patch when it becomes available.



Exploit works on Cytel StatXact 9.0.0.



