Hummingbird STR Service Buffer Overflow
Critical Nessus Plugin ID 42436
SynopsisThe remote Windows host contains an application that is affected by a buffer overflow vulnerability.
DescriptionHummingbird STR service (STRsvc.exe) is installed on the remote host.
It is included with EMC Documentum eRoom, OpenText Hummingbird, and OpenText Search Server.
The installed version is affected by a buffer overflow vulnerability.
By sending a very large packet to the Hummingbird STR service, it may be possible for an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.
SolutionIf using Documentum eRoom, upgrade to version 7.4.2 or later.
If using OpenText Hummingbird or OpenText Search Server, contact the vendor for a patch.