Wednesday, December 05, 2007

Cisco Security Agent for Windows Csatdi.sys Remote Buffer Overflow Vulnerability

Via Cisco.com.

A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.

The vulnerability is triggered during processing of a crafted TCP segment destined to TCP port 139 or 445. These ports are used by the Microsoft Server Message Block (SMB) protocol.

Cisco has released free software updates that address this vulnerability.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2007-5580 has been assigned to this vulnerability.

More here.
