COMMAND
	    602Pro Lan Suite Web Admin
SYSTEMS AFFECTED
	    602Pro Lan Suite Web Admin
PROBLEM
	    Following is  based on  a Strumpf  Noir Society  Advisories.   Lan
	    Suite  is  an  cost-effective  all-in-one  application   providing
	    connection  sharing,  email  and  fax  services  for networks.  It
	    offers remote  administration capabilities  through an  integrated
	    HTTP-server.    602Pro  Lan   Suite  can   be  found   at   vendor
	    Software602's website.
	    The  remote   administration  component   (webprox.dll)  of   this
	    application  is  subject  to  a  buffer  overflow attack through a
	    lengthy GET command.  If this request contains 1059 bytes or  more
	    it will  overflow a  buffer and  allow the  execution of arbitrary
	    code.
SOLUTION
	    Vendor was contacted  and has verified  the problem.   A new build
	    (2000.0.1.33)  has  been  released  through Software602's website.
	    602Pro Lan Suite 2000a build 2000.0.1.32 and earlier versions  can
	    be expected to be vulnerable.  Users are encouraged to obtain  the
	    new version asap.