text:00433C1F 3F0 push offset Format "%s%s.eeg" text:00433C11 3EC call ds:ATL::CSimpleStringT::operator char const *(void) text:00433BF6 400 call ds:GetTempDirectory(void) // text:00433BEB 3FC call ds:_imp_splitpath // text:00433BE4 3F8 call ds:ATL::CSimpleStringT::operator char const *(void) text:00433BE0 3F8 lea this, // Client supplied path This path construction is shown below: Storage.exe: Timestamp: Wed Nov 06 10:11:09 2013 (527A863D)ĭuring the processing of the RequestForPatientInfoEEGfile command, NWStorage attempts to open an EEG file based on a path requested by the client. Loaded symbol image file: c:\Neuroworks\storage.exe Modules associated with this advisory are below: 0:000> lm vm Storage This advisory looks into the NWStorage service bundled with NeuroWorks. In particular, it is used to monitor and review study data from anywhere on the network. Natus NeuroWorks 8 provides a networking solution for the Natus Xltek EEG products. Tested Versionsġ0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CWEĬWE-121 - Stack-based Buffer Overflow Details An attacker can send a malicious packet to trigger this vulnerability. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution.
![natus neuroworks eeg natus neuroworks eeg](https://www.admarneuro.com/images/data/TrexAmbuRecorder-600x600.jpg)
#Natus neuroworks eeg code
An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8.