Algorithmic Research PrivateWire versions 3.7 and prior contain a buffer overflow vulnerability in the online registration facility that could allow an unauthenticated, remote attacker to execute arbitrary code.
The vulnerability is due to insufficient bounds checking when handling overly long GET requests. An attacker could exploit this vulnerability via a crafted GET request to trigger an exploitable buffer overflow condition and gain control of the application's Extended Instruction Pointer (EIP). Once EIP is controlled, an attacker may point it at attacker-supplied data and execute arbitrary code on the affected machine.
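The bounds check whose absence the paragraph above describes, shown as an added example (this is not PrivateWire code, which the advisory does not show): a GET request-line parser that validates the target length against the destination buffer before copying. `URI_MAX`, `parse_get_target`, the status codes and the sample request are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define URI_MAX 256 /* assumed limit for this sketch, not a PrivateWire value */

enum parse_status { PARSE_OK = 0, PARSE_BAD_REQUEST = 400, PARSE_URI_TOO_LONG = 414 };

/* Copy the target of "GET <target> HTTP/x.y" into out (capacity out_cap).
 * The length is checked against the destination size before any byte is
 * copied; an unchecked copy into a fixed-size buffer at this point is the
 * class of defect the advisory describes. */
enum parse_status parse_get_target(const char *req, size_t req_len,
                                   char *out, size_t out_cap)
{
    static const char method[] = "GET ";
    const size_t mlen = sizeof(method) - 1;
    const char *start, *end;
    size_t n;

    if (out == NULL || out_cap == 0)
        return PARSE_BAD_REQUEST;
    out[0] = '\0';
    if (req == NULL || req_len <= mlen || memcmp(req, method, mlen) != 0)
        return PARSE_BAD_REQUEST;

    start = req + mlen;
    /* Search only within the bytes actually received. */
    end = memchr(start, ' ', req_len - mlen);
    if (end == NULL) /* no delimiter: oversized or malformed */
        return (req_len - mlen >= out_cap) ? PARSE_URI_TOO_LONG : PARSE_BAD_REQUEST;
    n = (size_t)(end - start);
    if (n == 0)
        return PARSE_BAD_REQUEST;
    if (n >= out_cap) /* keep one byte for the terminator */
        return PARSE_URI_TOO_LONG;

    memcpy(out, start, n);
    out[n] = '\0';
    return PARSE_OK;
}

int main(void)
{
    /* Constructed request; the path is made up for illustration. */
    const char req[] = "GET /register?id=1 HTTP/1.0\r\n\r\n";
    char target[URI_MAX];
    return parse_get_target(req, sizeof(req) - 1, target, sizeof(target)) == PARSE_OK ? 0 : 1;
}
```

Rejecting the oversized request with a 414-style status instead of truncating it keeps the parser's view of the target identical to what the client sent.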
Algorithmic Research has not confirmed this vulnerability and patches are