EvoCam 3.6.6 / 3.6.7 Web Server GET Request Overflow
High Nessus Plugin ID 47682
Synopsis
The remote host has an application that may be susceptible to a remote buffer overflow attack.

Description
The version of EvoCam installed on the Mac OS X host is either 3.6.6 or 3.6.7. Such versions reportedly contain a buffer overflow in the Web Server component.
Using an overly long GET request, an unauthenticated remote attacker may be able to leverage this vulnerability to execute arbitrary code on the remote host, subject to the privileges under which the application runs.

Solution
Upgrade to EvoCam 3.6.8 or later.