Timbuktu Pro < 8.6.7 PlughNTCommand Named Pipe Remote Stack Buffer Overflow
Critical Nessus Plugin ID 39563
SynopsisThe remote Windows host contains a program that is prone to a remote buffer overflow attack.
DescriptionThe remote Windows host contains a version of Motorola Inc.'s Timbuktu Pro that is earlier than 8.6.7. Timbuktu Pro allows remote access to a computer's desktop, and versions before 8.6.7 reportedly contain a stack-based buffer overflow that can be triggered when the 'PlughNTCommand' named pipe receives an overly large character string.
An unauthenticated, remote attacker can leverage this issue to crash the affected application or to execute arbitrary code with SYSTEM privileges.
SolutionUpgrade to Timbuktu Pro for Windows version 8.6.7 or later.