Solarwinds have been contacted about this issue who have acknowledged it and have released a version which reportedly contains the fix for the vulnerability, version 12.1. This vulnerability is due to insecure handling of a user input buffer which ultimately allows for overwriting Structured Exception Handler (SEH) addresses and the subsequent hijacking of execution flow.īelow is a video demonstration of exploitation for proof of concept of this vulnerability. Having recently completed my OSCE and looking to use some of the skills I picked up there in the real world, I found a local buffer overflow vulnerability in the latest version (at the time of writing) for Dameware MRC (12.0.5) and it has been assigned CVE-2018-12897. You can often find it among the plethora of toolkits used by system administrators managing the IT infrastructure in organisations. Dameware Mini Remote Control (MRC) is a remote administration utility allowing remote access to end user devices for a variety of purposes.
0 kommentar(er)
