Easy File Management Web Server UserID Cookie Handling Buffer Overflow

Added: 07/02/2014
BID: 67542
OSVDB: 107241

Background

Easy File Management Web Server is a Microsoft Windows-based file management application that allows remote users to upload and download files through a web browser. It also lets a user edit Word, Excel, PowerPoint and PDF documents on the server using only a browser.

Problem

Easy File Management Web Server 4.0 and 5.3 are vulnerable to a remote stack buffer overflow because they do not properly validate user-supplied input when handling the UserID cookie. A successful remote attacker could execute arbitrary code with the privileges of the system user.

Resolution

Contact the vendor for information on when a fix will be available. In the interim, only allow trusted sites to access the application.
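
As an added example (not part of the original advisory and not vendor code), the following Python check shows how a filtering proxy or a review of captured requests could flag suspicious UserID cookie values while no fix is available. The 64-byte limit, the allowed character set and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumption: legitimate UserID values are short tokens. Tune the limit and
# character set to what the application actually issues in your deployment.
MAX_USERID_LEN = 64
SAFE_VALUE = re.compile(rb"[A-Za-z0-9._-]*")

def userid_cookies(raw_request: bytes):
    """Yield every UserID cookie value found in the request's header block."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"cookie":
            continue
        for pair in value.split(b";"):
            key, eq, val = pair.strip().partition(b"=")
            # Match the cookie name case-insensitively to stay conservative.
            if eq and key.strip().lower() == b"userid":
                yield val.strip().strip(b'"')

def inspect_request(raw_request: bytes):
    """Return the reasons to reject the request (empty list means allow)."""
    reasons = []
    values = list(userid_cookies(raw_request))
    if len(values) > 1:
        reasons.append("multiple UserID cookies")
    for val in values:
        if len(val) > MAX_USERID_LEN:
            reasons.append(f"UserID length {len(val)} exceeds {MAX_USERID_LEN}")
        if not SAFE_VALUE.fullmatch(val):
            reasons.append("UserID contains unexpected bytes")
    return reasons

# Constructed sample requests (not captured traffic).
NORMAL = (b"GET / HTTP/1.1\r\nHost: files.example\r\n"
          b"Cookie: lang=en; UserID=alice\r\n\r\n")
OVERLONG = (b"GET / HTTP/1.1\r\nHost: files.example\r\n"
            b"Cookie: UserID=" + b"x" * 500 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("overlong", OVERLONG)):
        print(label, inspect_request(req) or "allow")
```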

References

http://www.securelist.com/en/advisories/58879

Limitations

Exploit works on Easy File Management Web Server v4.0 and v5.3.

Platforms

Windows
