Summary
The host is running Sentinel Protection Installer and is prone to denial of service vulnerability.
Impact
Successful exploitation will allow remote attackers to cause the application to crash, creating a denial-of-service condition.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
The flaw is due to a boundary error in Sentinel Keys Server within the 'sntlkeyssrvr.exe' when handling long requests, can be exploited to cause a stack-based buffer overflow via an overly-long request.
Affected
Sentinel Protection Installer version 7.6.5 (sntlkeyssrvr.exe v1.3.1.3)
References
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Mac OS X)
- Adersoft VbsEdit '.vbs' File Denial Of Service Vulnerability
- Adobe Digital Edition Denial of Service Vulnerability (Windows)
- Adobe Reader '.ETD File' Denial of Service Vulnerability (Mac OS X)
- Allegro Software RomPager 2.10 Denial of Service