eSignal WinSig.exe buffer overflow

Added: 07/14/2006
CVE: CVE-2004-1868
BID: 9978
OSVDB: 4583

Background

eSignal is a tool which provides real-time financial and market information. Its main application, WinSig.exe, services requests on port 80/TCP.

Problem

A buffer overflow vulnerability in eSignal allows remote attackers to execute arbitrary commands by sending a STREAMQUOTE element containing a large amount of data.

Resolution

Upgrade to eSignal version 7.6 release 3, build 636a.

References

http://archives.neohapsis.com/archives/bugtraq/2004-04/0056.html

Limitations

Exploit works on eSignal 7.6 Build 635.

Platforms

Windows 2000
Windows XP
