Reported February 6, 2003, by Knud Erik Højgaard.

 

 

VERSIONS AFFECTED

 

  • Absolute Telnet 2.00 and 2.11

 

DESCRIPTION

 

A vulnerability in Celestial Software's Absolute Telnet 2.00 and 2.11 can lead to arbitrary execution of code on the vulnerable system. This vulnerability is a result of insufficient bounds checking in the code that sets the program's title bar.

 

VENDOR RESPONSE

 

Celestial Software has released version 2.12 Release Candidate 10 (RC10), which isn't vulnerable to this condition.

 

CREDIT

Discovered by Knud Erik Højgaard.