eSignal WinSig.exe long StyleTemplate buffer overflow

Added: 11/21/2011
CVE: CVE-2011-3494
BID: 49600
OSVDB: 75456

Background

eSignal is a tool which provides real-time financial and market information.

Problem

WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long StyleTemplate element in a QUO file, which triggers a stack-based buffer overflow.

Resolution

Upgrade or apply patches when the vulnerability is fixed.

References

http://aluigi.altervista.org/adv/esignal_1-adv.txt

Limitations

Exploit works on eSignal 10.6.2425.1208.

Platforms

Windows

Back to exploit index