TITLE:
NetManage RUMBA Profile File Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA14768

VERIFY ADVISORY:
http://secunia.com/advisories/14768/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
NetManage RUMBA 7.x
http://secunia.com/product/4595/

DESCRIPTION:
Bahaa Naamneh has reported two vulnerabilities in RUMBA, which can be
exploited by malicious people to compromise a user's system.

1) A boundary error in the handling of ".rto" files can be exploited
to cause a buffer overflow by tricking a user into opening a malicious
profile file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability has been confirmed in RUMBA OFFICE version 7.4.
Versions 7.3 and prior are reportedly also affected.

2) A boundary error in the handling of ".wpa" files can be exploited
to cause a buffer overflow by tricking a user into opening a malicious
file.

The vulnerability has been reported in versions 7.3 and prior. Other
versions may also be affected.

SOLUTION:
Do not open untrusted ".rto" or ".wpa" files.

PROVIDED AND/OR DISCOVERED BY:
Bahaa Naamneh
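One way to back the SOLUTION above with a mail-gateway check, as an added example that is not part of the Secunia advisory: it flags ".rto" and ".wpa" attachments in a MIME message, including names with changed case, trailing dots or spaces, and members one level inside a zip attachment. The function names and the sample message are hypothetical and constructed here; the check matches file names only and does not parse the RUMBA file formats.

```python
import email
import io
import zipfile
from email.message import EmailMessage

BLOCKED = (".rto", ".wpa")  # the two extensions named in the advisory

def is_blocked(name: str) -> bool:
    # Windows ignores trailing dots and spaces in file names, so strip
    # them before a case-insensitive extension comparison.
    return name.rstrip(". ").lower().endswith(BLOCKED)

def zip_members(data: bytes) -> list[str]:
    # File names inside a zip payload; empty list if it is not a zip.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return []

def flagged_attachments(raw: bytes) -> list[str]:
    # Walk every MIME part and report blocked attachment names.
    hits = []
    for part in email.message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        if is_blocked(name):
            hits.append(name)
        payload = part.get_payload(decode=True) or b""
        hits += [f"{name}!{m}" for m in zip_members(payload) if is_blocked(m)]
    return hits

def build_sample() -> bytes:
    # Constructed sample message; attachment bodies are placeholders.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("profiles/session.WPA", b"constructed placeholder")
        zf.writestr("readme.txt", b"constructed placeholder")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(b"constructed placeholder", maintype="application",
                       subtype="octet-stream", filename="Host.RTO.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="bundle.zip")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for hit in flagged_attachments(build_sample()):
        print("quarantine:", hit)
```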