This host is installed with eSignal and is prone to multiple vulnerabilities.

Successful exploitation allows execution of arbitrary code. Impact Level: System/Application

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

- A boundary error in WinSig.exe when processing QUOTE files can be exploited to cause a stack-based buffer overflow. - A boundary error in WinSig.exe when processing the '<FaceName>' tag can be exploited to cause a heap-based buffer overflow via a specially crafted Time and Sales file. - The application loads libraries in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into opening a QUOTE file located on a remote WebDAV or SMB share.

eSignal version 10.6.2425.1208 and prior.

• http://aluigi.altervista.org/adv/esignal_1-adv.txt
• http://secunia.com/advisories/45966/
• http://www.exploit-db.com/exploits/17837/

---

Updated on 2015-03-25