{"vuid":"VU#346278","idnumber":"346278","name":"AT&T Connect Participant Application for Windows v9.5.35 contains a stack-based buffer overflow vulnerability","keywords":["AT&T","connect participant application","buffer overflow","stack-based buffer overflow","CWE-121","FOE"],"overview":"AT&T Connect Participant Application for Windows v9.5.35 and possibly earlier versions contain a stack-based buffer overflow (CWE-121) vulnerability.","clean_desc":"CWE-121: Stack-based Buffer Overflow\nAT&T Connect Participant Application for Windows v9.5.35 and possibly earlier versions contain a stack-based buffer overflow vulnerability. AT&T Connect allows a user to join a web conference via a web browser. When joining a conference, AT&T provides the .SVT file for the user to open. Upon opening the file, the user is able to join the conference. An attacker can send a malformed .SVT file to a victim which can allow the attacker to run arbitrary code in the context of the logged in user.","impact":"A remote unauthenticated attacker that is able to trick a user into opening a malicious .SVT file may be able to obtain sensitive information, cause a denial of service condition, or execute arbitrary code with the privileges of the application.","resolution":"Apply an Update\nAT&T has released Connect Participant Application for Windows v.9.5.51 to address this vulnerability.\nAffected users are advised to upgrade.","workarounds":"","sysaffected":"","thanks":"Thanks to Christopher Gabriel of Telos Corporation for reporting this vulnerability.","author":"This document was written by Adam Rauf.","public":["http://cwe.mitre.org/data/definitions/20.html","http://www.corp.att.com/attconnectsupport/downloads/pa/","http://downloads.uc.att.com/participant/public/V90551/en/MSI/student/student_auto_register/ATT_Connect_Setup.exe"],"cveids":["CVE-2013-6029"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-09-12T12:26:42Z","publicdate":"2013-11-12T00:00:00Z","datefirstpublished":"2013-12-03T19:19:22Z","dateupdated":"2013-12-03T19:19:23Z","revision":31,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"8.3","cvss_basevector":"AV:N/AC:M/Au:N/C:P/I:P/A:C","cvss_temporalscore":"6.5","cvss_environmentalscore":"1.62644198365845","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}