Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote malicious users to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
iss blackice agent server 3.6ecd |
||
iss blackice agent server 3.6ece |
||
iss blackice pc protection 3.6ccf |
||
iss blackice server protection 3.6cbz |
||
iss realsecure desktop 3.6ebz |
||
iss realsecure desktop 3.6eca |
||
iss realsecure desktop 7.0ebg |
||
iss realsecure desktop 7.0ebh |
||
iss realsecure guard 3.6ecd |
||
iss realsecure guard 3.6ece |
||
iss realsecure sentry 3.6ebz |
||
iss realsecure sentry 3.6eca |
||
iss realsecure server sensor 6.0.1_win_sr1.1 |
||
iss realsecure server sensor 6.0 |
||
iss realsecure server sensor 6.5_win_sr3.6 |
||
iss realsecure server sensor 6.5_win_sr3.7 |
||
iss realsecure server sensor 7.0 |
||
iss blackice agent server 3.6ecf |
||
iss blackice pc protection 3.6cbz |
||
iss blackice server protection 3.6cca |
||
iss blackice server protection 3.6ccb |
||
iss realsecure desktop 3.6ecb |
||
iss realsecure desktop 3.6ecd |
||
iss realsecure desktop 7.0ebj |
||
iss realsecure desktop 7.0ebk |
||
iss realsecure guard 3.6ecf |
||
iss realsecure network sensor 7.0 |
||
iss realsecure sentry 3.6ecb |
||
iss realsecure sentry 3.6ecc |
||
iss realsecure server sensor 6.5 |
||
iss realsecure server sensor 6.5_win_sr3.8 |
||
iss realsecure server sensor 6.5_win_sr3.9 |
||
iss blackice agent server 3.6ebz |
||
iss blackice agent server 3.6eca |
||
iss blackice pc protection 3.6cca |
||
iss blackice pc protection 3.6ccb |
||
iss blackice server protection 3.6ccc |
||
iss blackice server protection 3.6ccd |
||
iss realsecure desktop 3.6ece |
||
iss realsecure desktop 3.6ecf |
||
iss realsecure desktop 7.0ebl |
||
iss realsecure guard 3.6ebz |
||
iss realsecure guard 3.6eca |
||
iss realsecure sentry 3.6ecd |
||
iss realsecure sentry 3.6ece |
||
iss realsecure server sensor 6.5_win_sr3.1 |
||
iss realsecure server sensor 6.5_win_sr3.10 |
||
iss blackice agent server 3.6ecb |
||
iss blackice agent server 3.6ecc |
||
iss blackice pc protection 3.6ccc |
||
iss blackice pc protection 3.6ccd |
||
iss blackice pc protection 3.6cce |
||
iss blackice server protection 3.6cce |
||
iss blackice server protection 3.6ccf |
||
iss realsecure desktop 7.0eba |
||
iss realsecure desktop 7.0ebf |
||
iss realsecure guard 3.6ecb |
||
iss realsecure guard 3.6ecc |
||
iss realsecure sentry 3.6ecf |
||
iss realsecure server sensor 6.0.1 |
||
iss realsecure server sensor 6.5_win_sr3.4 |
||
iss realsecure server sensor 6.5_win_sr3.5 |
||
iss proventia a series xpu 20.11 |
||
iss proventia a series xpu 22.1 |
||
iss proventia a series xpu 22.8 |
||
iss proventia a series xpu 22.9 |
||
iss proventia g series xpu 22.5 |
||
iss proventia g series xpu 22.6 |
||
iss proventia m series xpu 1.4 |
||
iss proventia m series xpu 1.5 |
||
iss proventia m series xpu 1.6 |
||
iss proventia a series xpu 22.10 |
||
iss proventia a series xpu 22.2 |
||
iss proventia a series xpu 22.3 |
||
iss proventia g series xpu 22.1 |
||
iss proventia g series xpu 22.10 |
||
iss proventia g series xpu 22.7 |
||
iss proventia g series xpu 22.8 |
||
iss proventia m series xpu 1.7 |
||
iss proventia m series xpu 1.8 |
||
iss proventia a series xpu 22.4 |
||
iss proventia a series xpu 22.5 |
||
iss proventia g series xpu 22.11 |
||
iss proventia g series xpu 22.2 |
||
iss proventia g series xpu 22.9 |
||
iss proventia m series xpu 1.1 |
||
iss proventia m series xpu 1.9 |
||
iss proventia a series xpu 22.6 |
||
iss proventia a series xpu 22.7 |
||
iss proventia g series xpu 22.3 |
||
iss proventia g series xpu 22.4 |
||
iss proventia m series xpu 1.2 |
||
iss proventia m series xpu 1.3 |
Vulmon