DameWare Remote Controller versions 12.0.0.520 and below suffer from a remote code execution vulnerability.
4a4c9ff1d9e13aeac05d41ef0fa4e98e4a4c365f635327661de001c1432585c0A certain remote message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfw. As a result, a specially crafted message can overflow into the bordering format field and subsequently overflow the stack frame. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the dwmrcs daemon.
390aaf7607e85e8afb085d15df6d452b7949bc6e25747b8967ebc5477a0bd05b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed