Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Interactivedata eSignal WinSig.exe缓冲区溢出漏洞
Vulnerability Description
eSignal是一款外汇交易平台,提供各种市场数据。 eSignal 10.6.2425及其早期版本的WinSig.exe中存在缓冲区溢出漏洞。远程攻击者可借助QUO,SUM或POR文件中的超长StyleTemplate元素执行任意代码,触发基于栈的缓冲区溢出,或借助超长Font->FaceName字段(FaceName元素)执行任意代码,触发基于堆的缓冲区溢出。
CVSS Information
N/A
Vulnerability Type
N/A