Short Name |
APP:LANDESK-QIP-HEAL |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
LANDesk Management Suite QIP Service Heal Packet Buffer Overflow |
Release Date |
2010/10/13 |
Update Number |
1791 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
There exists a memory corruption vulnerability in LANDesk QIP service. The vulnerability is due to insufficient validation when processing specially crafted In case of a successful exploitation, the attacker can inject and execute arbitrary code with the privileges of the affected service, normally In the case of an unsuccessful code execution attack, the service will be terminated due to memory corruption, causing Denial of Service.
LANDesk Intel QIP Service is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Successful exploits may allow an attacker to execute arbitrary code with SYSTEM-level privileges. This will result in a complete compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects the following: LANDesk Management Suite 8.8 and earlier LANDesk Security Suite 8.8 and earlier LANDesk Server Manager 8.8 and earlier