Mobius DocumentDirect for the...

Published: 2000-09-08
Revised: 2025-04-13

A number of unchecked static buffers exist in Mobius' DocumentDirect for the Internet program. Depending on the data entered, arbitrary code execution or a denial of service attack could be launched under the privilege level of the corresponding service.

Buffer Overflow #1 - Issuing the following GET request will overflow DDICGI.EXE:

GET /ddrint/bin/ddicgi.exe?[string at least 1553 characters long]=X HTTP/1.0

Buffer Overflow #2 - Entering a username consisting of at least 208 characters in the web authorization form will cause DDIPROC.EXE to overflow. If random data were to be used, a denial of service attack would be launched against the DocumentDirect Process Manager which would halt all services relating to it.

Buffer Overflow #3 - Issuing the following GET request will cause an access validation error in DDICGI.EXE:

GET /ddrint/bin/ddicgi.exe HTTP/1.0\r\nUser-Agent: [long string of characters]\r\n\r\n
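For a proxy or log-review rule in front of an affected server, the request shapes for overflows #1 and #3 can be checked as follows. This is an added example, not code from the advisory or the vendor; the 256-character User-Agent cut-off, the finding labels and the sample requests are assumptions made here, and overflow #2 is left out because the advisory does not name the form field that carries the username.

```python
from urllib.parse import urlsplit

DDICGI_PATH = "/ddrint/bin/ddicgi.exe"  # CGI path given in the advisory
QUERY_NAME_LIMIT = 1553                 # length stated for overflow #1
USER_AGENT_LIMIT = 256                  # assumed: the advisory only says "long string"


def inspect_request(raw: str) -> list[str]:
    """Return the advisory conditions matched by one raw HTTP request."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return ["malformed-request-line"]
    method, target, _version = parts
    url = urlsplit(target)
    # Compared case-insensitively because the target is a Windows .exe CGI.
    if url.path.lower() != DDICGI_PATH:
        return []
    findings = []
    # Overflow #1: the oversized token is the parameter *name*, left of "=".
    if method == "GET":
        for pair in url.query.split("&"):
            if len(pair.split("=", 1)[0]) >= QUERY_NAME_LIMIT:
                findings.append("overflow-1-query-name")
                break
    # Overflow #3: an oversized User-Agent header sent to the same CGI.
    for line in lines[1:]:
        key, _, value = line.partition(":")
        if key.strip().lower() == "user-agent" and len(value.strip()) >= USER_AGENT_LIMIT:
            findings.append("overflow-3-user-agent")
            break
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "benign": "GET /ddrint/bin/ddicgi.exe?report=1 HTTP/1.0\r\nUser-Agent: Mozilla/4.0\r\n\r\n",
    "long-name": "GET /ddrint/bin/ddicgi.exe?" + "A" * 1553 + "=X HTTP/1.0\r\n\r\n",
    "long-ua": "GET /ddrint/bin/ddicgi.exe HTTP/1.0\r\nUser-Agent: " + "B" * 300 + "\r\n\r\n",
    "other-path": "GET /index.html?" + "A" * 2000 + "=X HTTP/1.0\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inspect_request(raw))
```
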

No exploit or PoC is currently available.
There are currently 0 affected-product records.