psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments.
PeopleSoft PeopleTools versions 8.4 through 8.43 are vulnerable to a denial-of-service (DoS) attack. The psdoccgi.exe component can be crashed remotely by manipulating the headername and footername arguments, leading to a disruption of service and potential business impact.
Step 1: Payload Delivery: An attacker crafts a malicious HTTP request to the vulnerable psdoccgi.exe endpoint. This request includes the headername and/or footername parameters, containing specially crafted input.
Step 2: Request Processing: The psdoccgi.exe application receives and parses the malicious HTTP request.
Step 3: Argument Handling: The application attempts to process the headername and footername arguments, likely using them to retrieve or process document headers and footers.
Step 4: Vulnerability Trigger: Due to insufficient input validation, the malicious input in headername and/or footername causes a memory corruption issue, such as a buffer overflow or other memory-related error.
Step 5: Application Crash: The memory corruption leads to an application crash, resulting in a denial-of-service condition.
The vulnerability lies within the psdoccgi.exe executable, likely in how it handles user-supplied input for the headername and footername parameters. The probable root cause is missing input validation or sanitization: the application appears not to check the length or content of the supplied arguments before using them. That could lead to a buffer overflow or other memory corruption when the arguments are processed, ultimately crashing the application. Without robust error handling and input validation, a simple crafted request is enough to trigger the crash. The specific function responsible for processing these arguments is the likely target for exploitation.
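Because the suspected flaw is unvalidated length or content in headername and footername, web server access logs can be triaged for requests to psdoccgi.exe that carry abnormal values in those parameters. The following is an added example, not code from the advisory or from PeopleSoft; the log format, the /cgi-bin/ path, the 64-character ceiling and the allowed character set are assumptions to adjust for the environment.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the advisory): request field in common/combined log
# format, a 64-character ceiling and a conservative allowed character set.
MAX_LEN = 64
WATCHED = ("headername", "footername")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.\-]*")


def inspect_line(line):
    """Return (param, reason) findings for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/psdoccgi.exe"):
        return []  # only the affected CGI is of interest
    findings = []
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() not in WATCHED:
            continue
        for value in values:  # a parameter may be repeated
            if len(value) > MAX_LEN:
                findings.append((name.lower(), f"length {len(value)} > {MAX_LEN}"))
            elif not SAFE_VALUE.fullmatch(value):
                findings.append((name.lower(), "unexpected characters"))
    return findings


def scan(lines):
    """Map 1-based line number -> findings for every flagged line."""
    return {n: f for n, line in enumerate(lines, 1) if (f := inspect_line(line))}


# Constructed sample log lines (addresses, paths and values are made up).
_REQ = '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET {} HTTP/1.0" 200 0'
SAMPLE = [
    _REQ.format("/cgi-bin/psdoccgi.exe?headername=std_hdr&footername=std_ftr"),
    _REQ.format("/cgi-bin/psdoccgi.exe?headername=" + "A" * 400),
    _REQ.format("/cgi-bin/psdoccgi.exe?footername=ftr%7F"),
    _REQ.format("/index.html?headername=" + "B" * 400),  # different endpoint
]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE).items():
        print(lineno, findings)
```

Parameters sent in a POST body do not appear in access logs, so this covers query-string requests only; the same length and character checks can be enforced in front of psdoccgi.exe by a reverse proxy or WAF rule.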