|CVSS SCORE||10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)|
Intelligent Management Center
|TIPPINGPOINT™ IPS CUSTOMER PROTECTION||TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 12500. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The flaw exists within the uam.exe component which listens by default on UDP port 1811. When logging received actions to a log file, sprintf is used to build the log message. The process does not properly verify the destination buffer on the stack is of sufficient size to handle the newly created string. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.