CVE-2011-3494

eSignal <10.6.2425 - RCE/DoS

Title source: llm

Description

WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/17880

View Code ZIP pw:eip

exploitdb WRITEUP

by Luigi Auriemma · textdoswindows

https://www.exploit-db.com/exploits/17837

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Luigi Auriemma · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/esignal_styletemplate_bof.rb

View Code ZIP pw:eip

References (2)

[Exploit] http://aluigi.altervista.org/adv/esignal_1-adv.txt

[Vendor Advisory] http://secunia.com/advisories/45966

Scores

EPSS 0.7785

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (2)

interactivedata/esignal 10.6

interactivedata/esignal < 10.6.2425

Published Sep 16, 2011

Tracked Since Feb 18, 2026