TITLE - Buffer Overflow in Platinum PCM 7.0

NATURE - Denial-of-Service, Remote Code Execution

PLATFORMS - Windows NT 4.0

DETAILS:
Policy Compliance Manager is a product that performs checks on the system, in order to ensure that
security policies are enforced. It acts very much as a security scanner, but with a limited number of
security checks.

PCM Agent can be installed on different machines. Then, users can establish connection and initiate
checks using the PCM Client

PROBLEM:
If certain amount of data is sent to port where Smaxagent.exe (Agent) is listening [1827], Smaxagent
will crash. Restart of the service is needed.

Remote users can also execute arbitrary code.

FIXES:
Platinum has been informed about this issue (and confirmed the problem) on September 9th 1998.

UPDATE:
Hotfix has been issued by Platinum.