GEN:SID | 1:2240 |
Message | WEB-MISC changepw.exe access |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in PDGSoft Shopping Cart.
|
Impact | Serious. Execution of arbitrary code is possible.
|
Detailed Information | Certain versions of PDGSoft Shopping Cart suffer from a buffer overflow condition that can present an attacker with the opportunity to execute arbitrary code of their choosing.
The vulnerable executable files are redirect.exe and changepw.exe, which can be accessed via the web interface.
|
Affected Systems | PDGSoft Shopping Cart 1.50
|
Attack Scenarios | The attacker needs to supply an overly long string to either of the affected executables.
|
Ease of Attack | Simple. No exploit software required.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
|
Additional References | Bugtraq: http://www.securityfocus.com/bid/1256
|
Rule References | bugtraq: 1256
cve: 2000-0401
|