Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2004-03-23T05:00:00
Updated: 2024-08-08T00:17:14.262Z
Reserved: 2004-03-18T00:00:00
Link: CVE-2004-0362
Vulnrichment
No data.
NVD
Status : Modified
Published: 2004-04-15T04:00:00.000
Modified: 2024-11-20T23:48:24.907
Link: CVE-2004-0362
Redhat
No data.