Motorola Timbuktu PlughNTCommand named pipe string buffer overflow

Added: 07/13/2009
CVE: CVE-2009-1394
BID: 35496
OSVDB: 55436

Background

Motorola Timbuktu is remote control software for Windows and Mac.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted character string to the PlughNTCommand named pipe.

Resolution

Upgrade to the latest version of Timbuktu.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=809

Limitations

Exploit works on Timbuktu Pro 8.6.6. The operating system should be fully patched as of July 9, 2009 in order for this exploit to succeed.

Platforms

Windows 2000

Back to exploit index