A vulnerability exists in the way Disk Pulse Server processes a remote client's "GetServerInfo" request. The vulnerability is caused by a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to the server. A remote user can send specially crafted data to TCP port 9120 to trigger the overflow and execute arbitrary code on the target system.