SSD Advisory – Teco SG2 and TP3 Vulnerabililites

Credit to Author: SSD / Noam Rathaus| Date: Mon, 04 Jul 2016 12:58:21 +0000

Vulnerabilities Description
Multiple vulnerabilities have been found in Teco’s SG2 and TP3 product, these vulnerabilities allows attackers that are able to supply the products with a specially crafted file to cause it to execute arbitrary code.

TECO TP3 PC-LINK tpc file parsing Stack Buffer Overflow Code Execution
TECO uses their own propriety file format known as tpc. When setting an overly long string within a tpc file a stack buffer can be overflowed potentially allowing for Code Execution.

TECO SG2 Client gen file parsing Stack Buffer Overflow (SEH overwrite) Code Execution
TECO uses their own propriety file format known as gen. When setting an overly long string within a gen file a stack buffer can be overflowed potentially allowing for Code Execution.

TECO SG2 Client ‘timer function’ gfb file parsing arbitrary write Code Execution
TECO uses their own propriety file format known as gfb. When setting an overly long timer function name within a gfb file the application uses the value to calculate an offset to a byte write. This can allow for Code Execution.

Print Friendly, PDF & Email

https://blogs.securiteam.com/index.php/feed