
Attack: Cytel StatXact Studio CY3 File 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a stack-based buffer overflow vulnerability in the Cytel StatXact application.

Additional Information

Cytel products provide statistical solutions.

Multiple Cytel products are prone to the following buffer-overflow vulnerabilities:

1. A heap-based buffer overflow occurs because of an integer-overflow error when parsing specially crafted '.cy3' and '.cyl' data files.

2. A stack-based buffer overflow occurs in the 'CeCEDll.dll' file when parsing specially crafted '.cy3' and '.cyl' data files.

3. A stack-based buffer overflow occurs when handling the 'USE' command of the '.cyb' files.

Successful exploits can allow attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Affected

  • Cytel Studio 9
  • Cytel StatXact 9
  • Cytel LogXact 9
  • Cytel CrossOver 9

Response

The vendor has not supplied any patches to resolve this issue. Please visit the vendor's website for further details.
