1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: BigAnt IM Server USV Request Buffer Overflow

Attack: BigAnt IM Server USV Request Buffer Overflow

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit Buffer Overflow issues in BigAnt Server 2.52.

Additional Information

BigAnt IM Server is an instant-messaging server to be used with the BigAnt Messenger, an enterprise IM system for Windows platforms.

The server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. The issue occurs when the AntServer module ('AntServer.exe') handles overly large 'USV' requests via TCP port 6660.

Successful exploits will allow attackers to execute arbitrary code with the privileges of the user running the server. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • BigAnt IM Server 2.52 is vulnerable; other versions may also be affected.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube