This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a vulnerability in eSignal which could result in remote code execution.
eSignal is an application that provides real-time stock market information. It is commercially available for the Microsoft Windows platform.
eSignal is prone to the following buffer-overflow vulnerabilities:
1. A stack-based buffer-overflow vulnerability exists in the 'WinSig.exe' process when handling QUOTE files ('.quo')
2. A stack-based buffer-overflow vulnerability exists in the 'WinSig.exe' process when handling the 'FaceName' Tag in a specially crafted Time and Sales file (".ets").
Remote attackers can exploit these issues by enticing an unsuspecting user into opening maliciously crafted files.
Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.
- eSignal 10.6.2425.1208 is vulnerable; other versions may also be affected.