ID CVE-2017-9544
Summary There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:echatserver:easy_chat_server:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:echatserver:easy_chat_server:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:echatserver:easy_chat_server:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:echatserver:easy_chat_server:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:echatserver:easy_chat_server:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:echatserver:easy_chat_server:3.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 26-03-2021 - 17:56)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
exploit-db 42155
Last major update 26-03-2021 - 17:56
Published 12-06-2017 - 06:29
Last modified 26-03-2021 - 17:56