Multiple functions listening on 910/TCP and 912/TCP are susceptible to heap- and stack-based buffer overflow vulnerabilities, which may allow remote execution of arbitrary code.
The part of the server listening on port 910 is vulnerable to some buffer overflows during the handling of the On_FC_MISC_FCS_MSGBROADCAST and On_FC_MISC_FCS_MSGSEND packets: the server allocates an amount of memory equal to the 32-bit size value provided by the client plus 0x16, resulting in a heap overflow during the subsequent copy of the input data.
List of the vulnerable functions:
- realwin_6a: 004326f0
- realwin_6b: 00432ae0
Affected versions: all versions of RealWin 2.1.10 and older.
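The size arithmetic described above for the port 910 handlers, as an added example (not RealWin code and not part of the original advisory), showing the unchecked sum beside a validated form. It assumes the overflow comes from the 32-bit sum wrapping; the function names, the 64 KiB cap and the buffer layout are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_EXTRA 0x16u         /* constant the advisory says is added to the client size */
#define MAX_MSG   (64u * 1024u) /* assumed policy cap, not from the advisory */

/* Unchecked pattern: the 32-bit sum wraps modulo 2^32 for large client values. */
uint32_t unchecked_alloc_size(uint32_t client_len) {
    return client_len + HDR_EXTRA;
}

/* Checked form: 0 on success with *out set, -1 when the length is rejected. */
int checked_alloc_size(uint32_t client_len, size_t bytes_received, uint32_t *out) {
    if (client_len > UINT32_MAX - HDR_EXTRA) return -1; /* sum would wrap */
    if (client_len > MAX_MSG) return -1;                /* above policy cap */
    if ((size_t)client_len > bytes_received) return -1; /* claims more than was sent */
    *out = client_len + HDR_EXTRA;
    return 0;
}

/* Hypothetical handler: allocate and copy only after the length is validated.
   Placing the payload after a 0x16-byte prefix is an assumed layout. */
uint8_t *copy_message(const uint8_t *payload, size_t bytes_received,
                      uint32_t client_len, uint32_t *alloc_len) {
    uint32_t n;
    if (payload == NULL || alloc_len == NULL) return NULL;
    if (checked_alloc_size(client_len, bytes_received, &n) != 0) return NULL;
    uint8_t *buf = calloc(1, n);
    if (buf == NULL) return NULL;
    memcpy(buf + HDR_EXTRA, payload, client_len);
    *alloc_len = n;
    return buf;
}

int main(void) {
    /* constructed sample payload */
    const uint8_t sample[8] = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H'};
    uint32_t n = 0;
    printf("unchecked 0xFFFFFFF0 -> alloc 0x%X\n", (unsigned)unchecked_alloc_size(0xFFFFFFF0u));
    printf("checked   0xFFFFFFF0 -> %d\n", checked_alloc_size(0xFFFFFFF0u, sizeof sample, &n));
    uint8_t *buf = copy_message(sample, sizeof sample, 8, &n);
    printf("valid 8-byte message -> alloc %u\n", (unsigned)n);
    free(buf);
    return 0;
}
```

The same three checks (wrap, policy cap, bytes actually received) apply to any handler that sizes a buffer from a length field supplied by the peer.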
A remote attacker can cause the device to crash, operate incorrectly, or gain unauthorized access and may be able to execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition.
Digital Bond has not released a Quickdraw IDS Signature for this vulnerability at this time.
Users should upgrade to the 2/14/11 release of RealWin, version 2.1.11.