Avirt SOHO Server and Web Service Version 4.3 and Voice Version 4.0 contain a vulnerability that allows a remote attacker to trigger a buffer overflow on the affected system.
The vulnerability exists due to improper bounds checking when processing HTTP requests. An attacker could trigger a buffer overflow by sending an overly long string to the vulnerable component. This causes the service to crash and could allow the attacker to execute arbitrary code in the context of the server process.
Exploit code is available.
Patches are unavailable.