Remote exploitation of a stack-based buffer overflow vulnerability in Motorola Inc.'s Timbuktu Pro could allow attackers to execute arbitrary code with SYSTEM privileges.
Vulnerable Systems:
* Motorola Timbuktu Pro version 8.6.5
Timbuktu fails to properly handle user-supplied data passed through a named pipe session. When the PlughNTCommand named pipe receives an overly large character string, a buffer overflow occurs, resulting in arbitrary code execution.
Exploitation of this issue allows an attacker to execute arbitrary code with SYSTEM privileges. An attacker would need to locate a system running the Timbuktu Pro software. Upon finding a system that is running the vulnerable software, the attacker would check for the availability of the PlughNTCommand named pipe. If the named pipe is available, the attacker can connect and create a session without authenticating. The attacker can then send malformed data to the Timbuktu Pro process, resulting in arbitrary code execution with elevated privileges.
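Because the pipe accepts sessions without authentication, remote access to it is worth alerting on. The following detection sketch is an added example, not part of the original advisory: it assumes "Detailed File Share" auditing is enabled so that Windows Security event 5145 records named pipe access over IPC$, and the function names and sample records are constructed for illustration.

```python
from collections import defaultdict

PIPE = "plughntcommand"  # pipe named in the advisory, lower-cased for matching

# Constructed sample records (fields as they appear in Security event 5145).
SAMPLE_EVENTS = [
    {"EventID": 5145, "SubjectUserName": "ANONYMOUS LOGON", "IpAddress": "192.0.2.10",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "PlughNTCommand"},
    {"EventID": 5145, "SubjectUserName": "ANONYMOUS LOGON", "IpAddress": "192.0.2.10",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": r"\plughntcommand"},
    {"EventID": 5145, "SubjectUserName": "jsmith", "IpAddress": "198.51.100.7",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "PlughNTCommand"},
    {"EventID": 5145, "SubjectUserName": "ANONYMOUS LOGON", "IpAddress": "192.0.2.10",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "srvsvc"},
    {"EventID": 5145, "SubjectUserName": "jsmith", "IpAddress": "198.51.100.7",
     "ShareName": r"\\*\Public", "RelativeTargetName": "PlughNTCommand.txt"},
    {"EventID": 4624, "SubjectUserName": "jsmith", "IpAddress": "198.51.100.7"},
]


def pipe_name(target):
    """Normalize a RelativeTargetName: drop path separators and case."""
    return target.replace("/", "\\").strip("\\").lower()


def find_pipe_access(events, pipe=PIPE):
    """Summarize remote IPC$ access to `pipe`, grouped by source address."""
    hits = defaultdict(lambda: {"count": 0, "unauthenticated": False})
    for ev in events:
        if ev.get("EventID") != 5145:
            continue  # only detailed file share access events
        if not ev.get("ShareName", "").upper().endswith(r"\IPC$"):
            continue  # named pipes are reached through the IPC$ share
        if pipe_name(ev.get("RelativeTargetName", "")) != pipe:
            continue
        entry = hits[ev.get("IpAddress", "unknown")]
        entry["count"] += 1
        # A null session is logged under the ANONYMOUS LOGON account.
        if ev.get("SubjectUserName", "").upper() == "ANONYMOUS LOGON":
            entry["unauthenticated"] = True
    return dict(hits)


if __name__ == "__main__":
    for source, info in find_pipe_access(SAMPLE_EVENTS).items():
        print(source, info)
```

Sources flagged with `unauthenticated` set reached the pipe over a null session, which matches the access path the advisory describes.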
Workaround
A named pipe filter can be applied to the registry. Named pipe filtering can be done in two ways: dynamic filtering and whitelisting. Microsoft provides further details about how to implement this workaround. Named Pipe Filter workaround: http://support.microsoft.com/kb/925890