TheGreenBow VPN Client TGB File OpenScriptAfterUp Parameter Local Overflow
High Nessus Plugin ID 46784
Synopsis
The remote Windows host contains a VPN client that is affected by a stack-based buffer overflow vulnerability.
Description
The remote Windows host contains TheGreenBow VPN client, an IPsec VPN client.
The installed version of TheGreenBow VPN Client is earlier than 4.65.003 or is an unpatched instance of 4.65.003. As such, it is reportedly affected by a local stack-based buffer overflow caused by a boundary error when processing an overly long 'OpenScriptAfterUp' parameter of the 'tgb' policy file.
An attacker, exploiting this flaw, could potentially execute arbitrary code subject to the privileges of the user running the affected application.
Solution
Upgrade to TheGreenBow VPN client version 4.65.003 if necessary and apply the patch referenced in the vendor's advisory.