Vulnerability Note VU#675052
Medicomp MEDCIN Engine contains multiple vulnerabilities
Medicomp's MEDCIN Engine provide electronic health records (EHR) tools and information to medical professionals. MEDCIN Engine versions before version 2.22.20153.226 are vulnerable to several buffer overflows.
Medicomp MEDCIN Engine prior to version 2.22.20153.226 is vulnerable to several buffer overflows and an out-of-bounds write.
CWE-121: Stack-based Buffer Overflow - CVE-2015-2898, CVE-2015-2901
An unauthenticated remote attacker sending a specially crafted packet may be able to overwrite data in memory, cause the software to leak information to the attacker, and/or cause a denial of service. A remote attacker may also be able to execute code.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Medicomp||Affected||27 Jul 2015||06 Aug 2015|
CVSS Metrics (Learn More)
Thanks to Ryan Wincey for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-2898 CVE-2015-2899 CVE-2015-2900 CVE-2015-2901 CVE-2015-6006
- Date Public: 20 Oct 2015
- Date First Published: 20 Oct 2015
- Date Last Updated: 20 Oct 2015
- Document Revision: 79
If you have feedback, comments, or additional information about this vulnerability, please send us email.