| | site-map | e-mail

User:

Guest

Name: Password:

www.center.hu / Archive / Security news / january, 2005 / F-Secure Policy Manager FSMSH.DLL information disclosure vul 

F-Secure Policy Manager FSMSH.DLL information disclosure vul

F-Secure Policy Manager FSMSH.DLL information disclosure vul

Date Discovered: December 9, 2004
Date Published: January 5, 2005
Last Updated: January 5, 2005

Vulnerability ID: 32031
Discovered by: oliver karow
Exploitable Locally: No
Exploitable Remotely: Yes
Impact: Remote attackers can view privileged information.
Root Cause: Software Vulnerability

F-Secure Policy Manager contains a vulnerability that can allow a remote attacker to view privileged information. The vulnerability is due to insufficient input validation on the argument to the fsmsh.dll. A remote attacker can exploit this vulnerability to view privileged information including installation paths.


Recommendations


Technical Recommendation - 32031
The vendor is working on a patch to address the vulnerability.


Vendor reference:

http://www.f-secure.com/


Affected Technologies

F-Secure Corporation: F-Secure Policy Manager 5.11


More information on CA Virus Information Center:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32031

Computer Associates – the Trusted Source of Security Knowledge

2005-01-06 12:32

Back