## Critical Vulnerability Information

- **Vulnerability Name**: 7-Technologies IGSS <= v9.00.00 b11063 IGSSdataServer.exe Stack Overflow
- **Release Date**: May 19, 2011
- **CVSS Base Score**: 10/10
- **Risk Level**: High
- **CVE**: CVE-2011-1567
- **CWE**: CWE-119
- **Impact Scope**: Remote
- **Impact Subscore**: 10/10
- **Exploitability Subscore**: 10/10
- **Complexity**: Low
- **Confidentiality Impact**: Complete
- **Integrity Impact**: Complete
- **Availability Impact**: Complete
- **Public Disclosure Date**: March 24, 2011
- **Authors**: Luigi Auriemma (initial discovery), poc Lincon (Metasploit), corelancold3r (ROP attack, combined with XP SP3 and 2003 Server), sinn3r (severe Msf-style strategy)
- **Reference Links**:
  - [http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf](http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf)
  - [http://www.vupen.com/english/advisories/2011/0741](http://www.vupen.com/english/advisories/2011/0741)
  - [http://www.securityfocus.com/bid/46936](http://www.securityfocus.com/bid/46936)
  - [http://www.exploit-db.com/exploits/17024](http://www.exploit-db.com/exploits/17024)
  - [http://securia.com/advisories/43849](http://securia.com/advisories/43849)
  - [http://aluigi.org/adv/igss_7-adv.txt](http://aluigi.org/adv/igss_7-adv.txt)
  - [http://aluigi.org/adv/igss_5-adv.txt](http://aluigi.org/adv/igss_5-adv.txt)
  - [http://aluigi.org/adv/igss_4-adv.txt](http://aluigi.org/adv/igss_4-adv.txt)
  - [http://aluigi.org/adv/igss_3-adv.txt](http://aluigi.org/adv/igss_3-adv.txt)
  - [http://aluigi.org/adv/igss_2-adv.txt](http://aluigi.org/adv/igss_2-adv.txt)
- **Vulnerability Description**: This module exploits a vulnerability in the igssdataserver.exe component of IGSS <= v9.00.00 b11063. When processing the ListAll command, the application does not perform proper bounds checking before copying data into a small stack buffer, resulting in a buffer overflow. This allows the structured exception handling (SEH) records on the stack to be overwritten, enabling remote code execution with unauthorized privileges.