{"vuid":"VU#159907","idnumber":"159907","name":"Talentsoft Web+ contains buffer overflow in \"webpsvc.exe\"","keywords":["Talentsoft Web+","buffer overflow","webpsvc.exe","webplus.exe","long string of characters"],"overview":"Talentsoft's Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+.","clean_desc":"Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named \"webpsvc.exe\" contains a buffer overflow vulnerability. This component is used by the Web+ CGI program \"webplus.exe,\" which is installed by default in the cgi-bin directory when Web+ is used to build a web site.","impact":"By requesting a specially crafted URI from a site running Web+, an attacker can execute arbitrary code with privileges of the user running webpsvc.exe, typically the SYSTEM user.","resolution":"Apply a patch from your vendor See the following document for more details: http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943","workarounds":"","sysaffected":"","thanks":"Thanks to Mark Litchfield for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943","http://www.securityfocus.com/bid/4233"],"cveids":["CVE-2002-0449"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-03-05T19:27:51Z","publicdate":"2002-03-05T00:00:00Z","datefirstpublished":"2002-08-05T15:25:37Z","dateupdated":"2002-08-05T15:25:41Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"4","cam_impact":"20","cam_easeofexploitation":"8","cam_attackeraccessrequired":"20","cam_scorecurrent":"4.56","cam_scorecurrentwidelyknown":"5.76","cam_scorecurrentwidelyknownexploited":"10.56","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.56,"vulnote":null}