Medicomp's MEDCIN Engine provides electronic health records (EHR) tools and information to medical professionals. MEDCIN Engine versions before 2.22.20153.226 are vulnerable to several buffer overflows.
Medicomp MEDCIN Engine prior to version 2.22.20153.226 is vulnerable to several buffer overflows and an out-of-bounds write.
CWE-121: Stack-based Buffer Overflow - CVE-2015-2898, CVE-2015-2901
An unauthenticated remote attacker sending a specially crafted packet may be able to overwrite data in memory, cause the software to leak information to the attacker, and/or cause a denial of service. A remote attacker may also be able to execute code.
Apply an update
Thanks to Ryan Wincey for reporting this vulnerability.
This document was written by Garret Wassermann.