Attack: eSignal QUO File CVE-2011-3494

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in eSignal which could result in remote code execution.

Additional Information

eSignal is an application that provides real-time stock market information. It is commercially available for the Microsoft Windows platform.

eSignal is prone to the following buffer-overflow vulnerabilities:

1. A stack-based buffer-overflow vulnerability exists in the 'WinSig.exe' process when handling QUOTE files ('.quo').

2. A stack-based buffer-overflow vulnerability exists in the 'WinSig.exe' process when handling the 'FaceName' tag in a specially crafted Time and Sales file ('.ets').

Remote attackers can exploit these issues by enticing an unsuspecting user into opening maliciously crafted files.

Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

Affected

  • eSignal 10.6.2425.1208 is vulnerable; other versions may also be affected.
