Buffer overflow in Dell Wyse_device_manager

CVE-2009-0693

Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe.

Vulnerability class: Buffer Overflow

EPSS: 0.161 (94.9th percentile) — read the EPSS interpretation.

Affected products

Dell Wyse_device_manager — versions 4.7.0, 4.7.1, 4.7.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cret@cert.org (x_refsource_MISC)
VU#654545 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
20090710 'Secure' Wyse thin clients vulnerable to remote exploit bugs (mailing-list, x_refsource_FULLDISC)
cret@cert.org (x_refsource_MISC)