SAS Integration Technologies Client ActiveX Stack Buffer Overflow

Nessus Plugin ID 67129 (Severity: High)


The remote host has an ActiveX control installed that is affected by a stack-based buffer overflow.


The version of the SAS Integration Technologies Client installed on the remote host is affected by a stack-based buffer overflow condition in the 'SASspk.dll' ActiveX control due to improper validation of user-supplied input to the RetrieveBinaryFile() function via the 'bstFileName' parameter. An unauthenticated, remote attacker can exploit this, via a crafted file, to cause a denial of service or the execution of arbitrary code.


Apply the appropriate hotfix in the vendor's advisory.

Plugin Details

Severity: High

ID: 67129

File Name: sas_sasspk_activex.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 2013/07/02

Modified: 2015/12/01

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:sas:sas_integration_technologies

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/05/17

Vulnerability Publication Date: 2013/05/25

Reference Information

OSVDB: 94009

EDB-ID: 25714