|CVSS SCORE||10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)|
The specific flaw exists in the parsing of HTTP requests in LicenseServer.exe listening by default on port 4420. When parsing large HTTP headers, the application will overflow a heap buffer due to an unsafe memory block copy operation. An attacker could leverage this to execute arbitrary code in the context of SYSTEM.
~2/20/2015 - ZDI called Wavelink customer service and a recorded message indicated these products are supported by another entity
-- Vendor Patch:
Here is a link: http://www.wavelink.com/Download-Emulation-License-Server-Software/
|CREDIT||Andrea Micalizzi (rgod)