| VID |
23142 |
| Severity |
40 |
| Port |
32000 |
| Protocol |
TCP |
| Class |
Daemon |
| Detailed Description |
The MERCUR Messaging Control server, according to its banner, has multiple buffer overflow vulnerabilities. Atrium Software MERCUR Messaging Control Server is a et/web server to control MERCUR Messaging softwares for Microsoft Windows platforms. MERCUR Messaging Control-Service versions prior to 2005+SP3 are vulnerable to multiple buffer overflow vulnerabilities. By sending a specially-crafted packet to the Control-Service on TCP port 32000, a remote attacker could overflow a buffer and possibly execute arbitrary code on the vulnerable server.
* Note: This check solely relied on the banner of the remote MERCUR Messaging Control server to assess this vulnerability, so this might be a false positive.
* References:
http://www.atrium-software.com/download/McrReadMe_EN.txt
* Platforms Affected:
Atrium Software, MERCUR Messaging Control-Service versions prior to 2005+SP3
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of MERCUR Messaging Control server (2005+SP3 or later), available from the MERCUR Download Web site at http://www.atrium-software.com/index.php?content=download&lframe=navigation&rframe=navdownload&lang=de |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
