The WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate the length of key exchange algorithm strings. This may allow a remote, unauthenticated attacker to execute arbitrary code.
wodSSHServer ActiveX component
According to the wodSSHServer ActiveX component website:
A remote attacker may be able to execute arbitrary code on the server using the wodSSHServer ActiveX component. If that server is running with administrative privileges, the attacker could gain complete control of the system.
This issue was reported by Gerry Eisenhaur.
This document was written by Jeff Gennari.
|Date First Published:||2006-05-18|
|Date Last Updated:||2006-05-18 21:49 UTC|