CVE-2026-8363

Gladinet · WOSDeviceDropFolder

A stack-based buffer overflow exists in WOSDeviceDropFolder.dll when processing long URL paths, potentially allowing remote code execution.

Executive summary

A critical (CVSS 9.8) stack-based buffer overflow in the WOSDeviceDropFolder.dll component of Gladinet software is reachable by an unauthenticated remote attacker and may allow remote code execution on the host running the affected service.

Vulnerability

The flaw is a stack-based buffer overflow in WOSDeviceDropFolder.dll, triggered when the component processes an excessively long URL path beginning with "/resources" without adequately bounding its length. An unauthenticated remote attacker can trigger it by sending a crafted HTTP request to the affected service; no credentials or user interaction are required.

Business impact

A CVSS base score of 9.8 places this vulnerability in the critical range; the score reflects a flaw reachable over the network without authentication and with complete impact on confidentiality, integrity and availability, not a probability that a given host will be compromised. Successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected service, which can lead to data exfiltration, lateral movement within the network, and significant disruption to business operations.

Remediation

Immediate Action: Apply the vendor-supplied patch or update to the latest vendor release immediately; confirm the fixed version against the vendor advisory before treating a host as remediated.

Proactive Monitoring: Inspect HTTP access logs and network traffic for unusually long or malformed request paths directed at the affected service, especially paths beginning with "/resources", and review application and system event logs for crashes or restarts of the hosting process. A run of 5xx responses or connection resets on such requests is the typical log-side symptom of a triggered overflow, whether or not exploitation succeeded.

Compensating Controls: Deploy a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) in front of the service to reject requests whose URL path is excessively long or malformed. The exact length that triggers the overflow is not stated, so set the limit conservatively: above the longest legitimate "/resources" path the application uses, and treat rule hits as alerts as well as blocks. This is a stop-gap until the patch is applied, not a substitute for it.
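The following is an added example, not code from Gladinet or from this advisory, that puts both the monitoring and the compensating control into working form: it scans access-log lines for overlong "/resources" requests and tags those answered with a 5xx as possible crash indicators, and it shows the same length check as a request filter placed in front of the service. The Combined Log Format, the 256-byte threshold, the case-insensitive prefix match and the sample log lines are all assumptions for illustration; the real overflow length is not public, so the threshold must sit below the vendor-confirmed trigger length and above legitimate traffic.

```python
"""Added example (not Gladinet's code): flag overlong /resources requests in
HTTP access logs and reject them in front of the service.

Assumptions (not from the advisory): Combined Log Format access logs, a
case-insensitive "/resources" prefix, and a 256-byte length threshold.
"""
import re
from urllib.parse import unquote

PREFIX = "/resources"
MAX_PATH_LEN = 256  # assumed threshold, tune per deployment

# Combined Log Format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def is_suspicious_path(path, prefix=PREFIX, max_len=MAX_PATH_LEN):
    """True when the path targets the vulnerable prefix and is overlong.

    The prefix test runs on the percent-decoded, lower-cased path so that
    "/%52ESOURCES/..." is not missed; the length test uses the raw path,
    which is what the service actually receives on the wire.
    """
    decoded = unquote(path).lower()
    return decoded.startswith(prefix.lower()) and len(path) > max_len


def parse_log_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def scan_access_log(text, prefix=PREFIX, max_len=MAX_PATH_LEN):
    """Return one finding per overlong /resources request.

    crash_indicator marks a 5xx answer on such a request, the log-side
    symptom of a crashed worker that the advisory says to look for.
    """
    findings = []
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec is None or not is_suspicious_path(rec["path"], prefix, max_len):
            continue
        findings.append({
            "ip": rec["ip"],
            "ts": rec["ts"],
            "path_len": len(rec["path"]),
            "status": rec["status"],
            "crash_indicator": rec["status"] >= 500,
        })
    return findings


def reject_long_resource_paths(app, prefix=PREFIX, max_len=MAX_PATH_LEN):
    """WSGI middleware doing what a WAF/IPS rule would do in front of the
    service: overlong /resources requests never reach the wrapped app and the
    client gets 414. It belongs in front of the vulnerable process, not in it."""
    def middleware(environ, start_response):
        raw_path = environ.get("RAW_URI") or environ.get("PATH_INFO", "")
        if is_suspicious_path(raw_path, prefix, max_len):
            start_response("414 URI Too Long", [("Content-Type", "text/plain")])
            return [b"request rejected\n"]
        return app(environ, start_response)
    return middleware


def _ok_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def simulate_request(path):
    """Drive the middleware with a minimal WSGI environ; return (status, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "RAW_URI": path}
    body = reject_long_resource_paths(_ok_app)(environ, start_response)
    return captured["status"], b"".join(body)


# Constructed sample log (not real traffic). Line 3 mimics a crafted request:
# a 1200-byte path under /resources answered with a 500. Line 4 hides the
# prefix behind percent-encoding and upper case.
_LONG = "/resources/" + "A" * 1200
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [10/Mar/2026:12:00:01 +0000] "GET /resources/app.js HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2026:12:00:02 +0000] "GET /portal/login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - [10/Mar/2026:12:00:03 +0000] "GET {_LONG} HTTP/1.1" 500 0 "-" "python-requests/2.31"',
    '198.51.100.9 - - [10/Mar/2026:12:00:04 +0000] "GET /%52ESOURCES/' + "B" * 400 + ' HTTP/1.1" 400 0 "-" "curl/8.0"',
])

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
    print(simulate_request("/resources/app.js")[0])
    print(simulate_request(_LONG)[0])
```

Running the script flags the two overlong requests from 198.51.100.9 (the first with crash_indicator set because of the 500) and leaves the normal traffic alone; the filter passes the short path and answers the long one with 414. Tuning the threshold is the whole game: too low and legitimate "/resources" assets are blocked, too high and the rule never fires before the overflow.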

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability warrants immediate attention. Organizations should inventory every instance of the affected Gladinet software (the vulnerable component ships as WOSDeviceDropFolder.dll), prioritise instances exposed to the internet or to untrusted networks, and apply the vendor update to prevent unauthenticated remote code execution.