Easy File Sharing Web Server SESSIONID Cookie Handling Buffer Overflow

Added: 05/29/2014
CVE: CVE-2014-3791
BID: 67406
OSVDB: 106965

Background

Easy File Sharing Web Server is software that lets users upload and download files to a server through a web browser. It also provides a bulletin board system (forum).

Problem

Easy File Sharing Web Server is vulnerable to a stack buffer overflow condition as a result of not properly validating user-supplied input when handling a SESSIONID cookie. This allows a remote attacker to potentially execute arbitrary code.

Resolution

Install a fixed version when one becomes available. Alternatively, switch to a different software product.
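
One way to screen traffic for the condition described under Problem, for example at a proxy in front of the server or over captured requests. This is an added example, not part of the original advisory or the product's code. `MAX_SESSIONID_LEN` and the allowed character set are assumptions, since the advisory gives no length threshold or session ID format, and the sample requests are constructed.

```python
import re

# Assumption: the advisory states no threshold; 128 is a constructed limit.
# Set it to just above the longest session ID your server actually issues.
MAX_SESSIONID_LEN = 128
# Assumption: benign session IDs use only these bytes.
_TOKEN_OK = re.compile(rb"[A-Za-z0-9+/=_.-]*")


def sessionid_values(raw_request: bytes):
    """Yield every SESSIONID cookie value found in the request's Cookie headers."""
    head = re.split(rb"\r?\n\r?\n", raw_request, maxsplit=1)[0]
    for line in head.splitlines()[1:]:            # skip the request line
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"cookie":
            continue
        for pair in value.split(b";"):
            key, eq, val = pair.strip().partition(b"=")
            # Match the cookie name case-insensitively: conservative for detection.
            if eq and key.strip().upper() == b"SESSIONID":
                yield val.strip()


def inspect_request(raw_request: bytes):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    for val in sessionid_values(raw_request):
        if len(val) > MAX_SESSIONID_LEN:
            findings.append(f"SESSIONID length {len(val)} exceeds {MAX_SESSIONID_LEN}")
        if not _TOKEN_OK.fullmatch(val):
            findings.append("SESSIONID contains bytes outside the expected alphabet")
    return findings


# Constructed sample requests (not captured traffic).
_PREFIX = b"GET / HTTP/1.1\r\nHost: example.test\r\nCookie: lang=en; SESSIONID="
NORMAL = _PREFIX + b"1234\r\n\r\n"
OVERSIZED = _PREFIX + b"A" * 600 + b"\r\n\r\n"
BINARY = _PREFIX + b"ab\x01\xffcd\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("oversized", OVERSIZED), ("binary", BINARY)):
        print(label, inspect_request(req) or "ok")
```

The parser ignores obsolete header line folding, so a front-end that accepts folded headers should reject or unfold them before this check runs.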

References

http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3791.html
http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day/

Limitations

Exploit works on Windows XP Professional SP2 and SP3.

Platforms

Windows
