UPDATE: An independent security researcher has warned officials in Australia, the US and China about a serious, remotely exploitable hole in language translation software that is used by leading corporations, universities and governments.
Dillon Beresford said a stack overflow vulnerability in a component of NJStar Communicator, a language translation application, could be used to take control of systems running the software, putting leading corporations including Google, Siemens, Goldman Sachs and the FBI at risk of attack. A Metasploit module containing exploit code for the vulnerability in the MiniSMTP (simple mail transfer protocol) server component of NJStar’s Communicator Version 3 has been posted on exploit-db.com.
The NJStar software, by Australian firm NJStar Corp., isn’t used for industrial control. Rather, it is a commonly used platform for word processing and for input and output language translation that allows Chinese-, Japanese- and Korean-speaking users to write and view content on systems running English- and other Latinate-language versions of Windows.
Beresford said the vulnerability in the MiniSMTP component affects three applications: NJStar Chinese Word Processor Version 5.30, Japanese Word Processor Version 5.3 and Communicator Version 3. Each contains an SMTP server component bundled with the main application to enable e-mailing of content.
The impact of the hole is not clear, though Beresford claims that it leaves those applications open to attack if a user sends an email through the word processor or NJStar Communicator.
The Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) issued a vulnerability note for NJStar Communicator on Wednesday.
Beresford, an independent researcher, gained notoriety while employed by NSS Labs for his work finding holes in industrial control system (ICS) software from Siemens and other vendors. He has also called attention to lax security in ICS deployments within the People’s Republic of China.