The SASspk module (SASspk.dll) version 9.310.0.11307, has a function called 'RetrieveBinaryFile()' which has one parameter called 'bstrFileName' which takes arguments as strings as defined in the function itself as ISPKBinaryFile from the SASPackageRetrieve library. Stack-based buffer overflow was discovered in one of the fuzzing processes that could allow arbitrary code execution by an attacker when exploiting the non-sanitized 'bstrFileName' parameter.
520def5ba164f9a7f1d632ee1f23ece85df9bc7454425ba51968438158fe9eda
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
4f757159338ee6e63f859bc3c49ed500a016a2a867b2429a8d306a45d48845e9