Sielco Sistemi Winlog Buffer Overflow
December 6, 2011 (Updated December 27, 2011)
Independent researcher Paul Davis has identified a buffer
overflow vulnerability in the Sielco Sistemi Winlog application.
Successful exploitation of this vulnerability could lead to
a program crash or arbitrary code execution. This
vulnerability is not remotely exploitable and cannot be
exploited without user interaction. The exploit is only
triggered when a local user runs the vulnerable application
and loads the malformed file.
The following Sielco Sistemi products are affected:
- Winlog Lite versions older than Version 2.07.09 (Demo Version)
- Winlog PRO versions older than Version 2.07.09
Sielco Sistemi has produced a new release that mitigates
this vulnerability. Mr. Davis has validated that it resolves
the vulnerability.