{"vuid":"VU#666073","idnumber":"666073","name":"AbsoluteTelnet vulnerable to buffer overflow via overly long window title","keywords":["AbsoluteTelnet","buffer overflow","long window title"],"overview":"A remotely exploitable buffer overflow vulnerability exists in AbsoluteTelnet. This vulnerability may allow a malicious server operator to execute arbitrary code on a vulnerable client.","clean_desc":"AbsoluteTelnet is a terminal client. A remotely exploitable buffer overflow vulnerability exists in the code that sets the terminal titlebar. This vulnerability may allow a malicious server operator to execute arbitrary code. An exploit for this vulnerability is publicly available.","impact":"A malicious server operator may be able to execute arbitrary code on a host running AbsoluteTelnet.","resolution":"Upgrade to AbsoluteTelnet version 2.12 RC10. For information on how to obtain 2.12 RC10, please see http://www.celestialsoftware.net/telnet/beta_software.html.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Knud Erik Højgaard.","author":"This document was written by Ian A Finlay.","public":["http://www.celestialsoftware.net/telnet/index.html","http://kokanins.homepage.dk/absolutetelnet.txt"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-02-06T18:50:22Z","publicdate":"2003-02-06T00:00:00Z","datefirstpublished":"2003-02-07T15:23:26Z","dateupdated":"2003-02-07T20:58:03Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"17","cam_population":"4","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"22.2","cam_scorecurrentwidelyknown":"22.2","cam_scorecurrentwidelyknownexploited":"34.2","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":22.2,"vulnote":null}