NetSupport Client Handshake Hostname Overflow

Added: 10/11/2011
CVE: CVE-2011-0404
BID: 45728
OSVDB: 70408


NetSupport Manager is a remote desktop support solution.


The NetSupport client/server communication is carried out over a proprietary communications protocol. This protocol begins with a handshake between the client and server. The handshake contains a hostname, which is not properly validated. In NetSupport client version 11.0 and prior, a stack-based buffer overflow condition exists due to this lack of validation. An attacker may exploit this vulnerability to compromise any workstation running a vulnerable version of the NetSupport client.
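
An added example, not NetSupport code and not part of the original advisory: the length and character check whose absence is described above, applied before a handshake hostname is copied into a fixed-size buffer. The field layout (a run of raw bytes with an explicit length), the function name and the 255-byte cap are assumptions made for illustration; the real wire format is proprietary.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 255 /* assumed upper bound on any hostname field */

/* Hypothetical field layout (not the NetSupport format): `len` raw bytes,
 * no terminator. Returns 0 and writes a NUL-terminated copy into dst on
 * success. Returns -1 if the field is empty, does not fit in dst together
 * with its terminator, or contains bytes outside [A-Za-z0-9._-]. */
int copy_handshake_hostname(char *dst, size_t dst_size,
                            const unsigned char *field, size_t len)
{
    size_t i;

    if (dst == NULL || field == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0'; /* callers never see stale data after a rejection */

    /* The length comes from the peer: check it before touching dst. */
    if (len == 0 || len > HOST_MAX || len >= dst_size)
        return -1;

    for (i = 0; i < len; i++) {
        unsigned char c = field[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '_';
        if (!ok)
            return -1;
    }

    memcpy(dst, field, len); /* bounded: len < dst_size was checked above */
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char host[64];           /* fixed-size stack buffer, as in the bug class */
    unsigned char big[300];  /* constructed oversized field */
    const char *good = "ws-042.example"; /* constructed sample hostname */

    memset(big, 'A', sizeof big);
    printf("normal:    %d\n", copy_handshake_hostname(
               host, sizeof host, (const unsigned char *)good, strlen(good)));
    printf("oversized: %d\n", copy_handshake_hostname(
               host, sizeof host, big, sizeof big));
    return 0;
}
```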


No vendor upgrades are available as of this exploit's release date. Disabling NetSupport until a patch is made available should be considered. Seeking an alternative solution may also be beneficial.



This exploit has been tested against NetSupport Manager 11.00 on Red Hat Enterprise Linux Server 5.3.


