Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   ElectroComm Vendors:   ElectroSystems Engineers, Inc.
ElectroComm Communications Utility Can Be Crashed by Remote Users
SecurityTracker Alert ID:  1001493
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 8 2001
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 2.0
Description:   A vulnerability has been reported in ElectroComm, a communications program that allows remote users to connect to a Com Port via a a network using any Telnet client. The vulnerability allows remote users to cause the ElectroComm server to crash.

It is reported by DHC that sending two bursts of about 160000 characters each to the ElectroComm port 23 will cause CPU utilization to increase to 100% and then crash with the following error:

Run-time error '381': Invalid array index.

A demonstration exploit perl script is available at:

Impact:   A remote user can cause the ElectroComm server application to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   None.

 Source Message Contents

Subject:  Advisory for Electrocomm 2.0

Content-type: text/plain

 [ Advisory for Electrocomm                        ]
 [ Electrocomm is made by Electrosoft              ]
 [ Site:                       ]
 [ by nemesystm of the DHC                         ]
 [ ( - ]
 [ ADV-0118                                        ]

ElectroComm allows you to connect to a comm port on
a computer over a network using any Telnet client.
The program can fall victim to a denial of service.

/-|=[who is vulnerable]=|-\
Electrocomm 2.0 has been tested to be vulnerable.
Prior versions are assumed to be vulnerable as well.

/-|=[testing it]=|-\
Sending two bursts of characters with a length of
about 160000 each to port 23 will peg CPU to 100%
and then crash with:
Run-time error '381':
Invalid array index.

I have made a perl script that exploits this. It is
in the advisory that is available on the DHC site.

None known at the moment.
Free, encrypted, secure Web-based email at


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC