Researcher Warns Of Exploitable Hole In Chinese Translation Software NJStar
UPDATE: An independent security researcher has warned officials in Australia, the US and China about a serious, remotely exploitable hole in language translation software that is used by leading corporations, universities and governments.
Dillon Beresford said a stack overflow vulnerability in a component of NJStar Communicator, a language translation application, could be used to take control of systems running the software, putting leading corporations including Google, Siemens, Goldman Sachs and the FBI at risk of attack. A Metasploit module containing exploit code for the vulnerability in the MiniSMTP (simple mail transfer protocol) server component of NJStar's Communicator Version 3 has been posted on exploit-db.com.
The NJStar software, by Australian firm NJStar Corp., isn't used for industrial control. Rather, it is a commonly used platform for word processing and input and output language translation that allows Chinese, Japanese and Korean speaking users to write and view content on systems running English- and other latinate language versions of Windows.
Beresford said the vulnerability in the miniSMTP component affects three applications: NJStar Chinese Word Processor Version 5.30, Japanese Word Processor Version 5.3 and Communicator Version 3. Each contains an SMTP server component bundled with the main application to enable e-mailing of content.
The impact of the hole is not clear, though Beresford claims that it leaves those applications open to attack if a user sends an email through the word processor or NJStar Communicator.
The Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) issued a vulnerability note for NJStar Communicator on Wednesday.
Beresford, an independent researcher, gained notoriety while employed by NSS Labs for his work finding holes in industrial control system (ICS) software by vendors like Siemens and others. He has also called attention to lax security in ICS deployments within the People's Republic of China.
Comments
Why is this even news? NJ....WhT?