AzeoTech DAQFactory NETB Datagram Parsing Buffer Overflow Vulnerabilities
September 13, 2011
Luigi Auriemma has discovered two vulnerabilities in
DAQFactory, which can be exploited by malicious people to
compromise a vulnerable system.
The vulnerabilities are caused due to boundary errors when
logging client details for received NETB datagrams and can
be exploited to cause stack-based buffer overflows via an
overly large, specially crafted datagram sent to UDP port
20034.
Successful exploitation allows execution of arbitrary code.
The vulnerabilities are confirmed in version 5.85 build
1853. Other versions may also be affected.