CVE-2011-1741 – EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-1741

Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP. Desbordamiento de búfer basado en pila en ftserver.exe en OpenText Hummingbird Client Connector, como el usado en Indexing Server en EMC Documentum eRoom v7.x before v7.4.3.f y otros productos, permite a atacantes remotos ejecutar código de su elección mandando un mensaje manipulado sobre TCP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Documentum eRoom Indexing Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bundled implementation of OpenText's HummingBird Connector. When parsing a particular packet received from a TCP connection, the application will attempt to copy part of the packet's contents into a buffer located on the stack. • http://securityreason.com/securityalert/8311 http://securitytracker.com/id?1025790 http://www.securityfocus.com/archive/1/518897/100/0/threaded http://www.securityfocus.com/archive/1/518913/100/0/threaded http://www.securityfocus.com/bid/48712 http://www.zerodayinitiative.com/advisories/ZDI-11-236 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •