CVE-2008-0532
Cisco ACS for Windows and ACS Solution Engine - Remote Code Execution via Long Argument After Logout
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-0532. PoCs published by felix.
AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in Cisco User-Changeable Password (UCP) by sending a maliciously crafted URL with an excessively long string. The vulnerability allows remote code execution in the context of the affected application.
Description
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
Exploits (1)
This exploit demonstrates a buffer overflow vulnerability in Cisco User-Changeable Password (UCP) by sending a maliciously crafted URL with an excessively long string. The vulnerability allows remote code execution in the context of the affected application.