ID CVE-2002-1441
Summary Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.
References
Vulnerable Configurations
  • cpe:2.3:a:tomahawk_technologies:steelarrow:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:tomahawk_technologies:steelarrow:4.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-09-2008 - 20:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid
  • 4860
  • 5494
  • 5495
  • 5496
bugtraq 20020819 Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)
misc
vulnwatch 20020819 Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)
xf
  • steelarrow-chunked-aro-bo(9890)
  • steelarrow-long-aro-bo(9889)
  • steelarrow-userident-bo(9888)
Last major update 05-09-2008 - 20:30
Published 11-04-2003 - 04:00
Last modified 05-09-2008 - 20:30
Back to Top