Buffer overflow in Microsoft Windows

CVE-2009-4653

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modul…

Vulnerability class: Buffer Overflow

EPSS: 0.046 (89.4th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows
Novell Edirectory — versions 8.8
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

20091112 Novell eDirectory 8.8 SP5 Denial of Service (mailing-list, x_refsource_BUGTRAQ)
37009 (Exploit, vdb-entry, x_refsource_BID)
edirectory-modulesi-bo(54264) (vdb-entry, x_refsource_XF)