BadBlue.MFCISAPICommand.Remote.Buffer.Overflow
Description
BadBlue is a free personal file-sharing Web server developed by Working Resources Inc.
The vulnerability is caused by a boundary error in "ext.dll" when processing HTTP requests. This can be exploited to cause a buffer overflow by supplying a specially crafted HTTP request with an overly long "mfcisapicommand" parameter (more than 250 bytes).
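A log-side check for the condition described above, as an added example that is not part of the original advisory or of any vendor signature: it flags request lines whose "mfcisapicommand" value decodes to more than 250 bytes. It assumes the parameter arrives in the query string of the request target; the function names and the sample request lines are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote, unquote_to_bytes

PARAM = "mfcisapicommand"  # parameter named in the advisory
LIMIT = 250                # advisory: the overflow needs more than 250 bytes


def oversized_params(request_line):
    """Return the decoded byte length of each over-limit PARAM value in one request line."""
    parts = request_line.split()
    if len(parts) < 2:  # not a "METHOD target VERSION" line
        return []
    # Assumption: the parameter is carried in the query string, not a request body.
    query = urlsplit(parts[1]).query
    hits = []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        # Match the name case-insensitively and after percent-decoding.
        if unquote(name).lower() != PARAM:
            continue
        # Measure the decoded bytes, since that is what the server-side buffer receives.
        size = len(unquote_to_bytes(value.replace("+", " ")))
        if size > LIMIT:
            hits.append(size)
    return hits


def scan(lines):
    """Return (line_number, size) for every oversized value found in the given lines."""
    return [(n, size) for n, line in enumerate(lines, 1) for size in oversized_params(line)]


# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /ext.dll?mfcisapicommand=status HTTP/1.0",                   # short value
    "GET /ext.dll?MfcISAPICommand=" + "A" * 300 + " HTTP/1.0",        # mixed-case name
    "GET /ext.dll?mfcisapicommand=" + "%41" * 100 + " HTTP/1.0",      # 300 raw chars, 100 bytes
    "GET /ext.dll?x=1&mfcisapicommand=" + "%41" * 251 + " HTTP/1.0",  # 251 bytes once decoded
    "GET /index.html HTTP/1.0",                                       # no query string
]

if __name__ == "__main__":
    for n, size in scan(SAMPLE):
        print(f"line {n}: {PARAM} value is {size} bytes (> {LIMIT})")
```

Measuring the decoded length rather than the raw string length keeps percent-encoded short values from raising false alarms and still catches encoded long ones.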
Affected Products
Working Resources Inc. BadBlue 2.55.
Impact
System compromise, arbitrary code execution.
Recommended Actions
Upgrade to Working Resources Inc. BadBlue 2.61 or newer.
Coverage
IPS (Regular DB)
IPS (Extended DB)