SolarWinds Network Performance Monitor Multiple Vulnerabilities

Number: IRCAD2014043248

Date: 2014/04/09

Criticality level: Highly critical

Software:

SolarWinds Network Performance Monitor 10.x

Description

Multiple vulnerabilities have been reported in SolarWinds Network Performance Monitor, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.

1) An error within the wpdlx ActiveX control when handling certain file types can be exploited to execute arbitrary code.

2) An error within the C1Chart3D8 ActiveX control when loading an OC3 file via the "LoadURL()" method can be exploited to execute arbitrary code.

3) A boundary error within the Apex ActiveX control can be exploited to execute arbitrary code.

4) An error within the VSReport ActiveX control can be exploited to execute arbitrary OS commands.

5) Certain input related to DownloadFileServlet within FSMWebService is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.

The vulnerabilities are reported in versions prior to 10.7.
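
A log review check for item 5, added here as an example (it is not code from SolarWinds or from this advisory): it flags access-log requests to DownloadFileServlet whose URI contains directory traversal sequences, including percent-encoded and double-encoded forms. The log lines, the URL path and the `file` parameter name are constructed assumptions; only the servlet name comes from the advisory.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined log format). The URL path and the
# "file" parameter are hypothetical; only the servlet name is from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Apr/2014:10:01:02 +0000] "GET /fsm/DownloadFileServlet?file=report.pdf HTTP/1.1" 200 5120
10.0.0.9 - - [09/Apr/2014:10:01:07 +0000] "GET /fsm/DownloadFileServlet?file=..%2F..%2Fconf%2Fapp.cfg HTTP/1.1" 200 812
10.0.0.9 - - [09/Apr/2014:10:01:09 +0000] "GET /fsm/DownloadFileServlet?file=%252e%252e%255c%252e%252e%255capp.cfg HTTP/1.1" 404 0
10.0.0.7 - - [09/Apr/2014:10:02:00 +0000] "GET /fsm/status?path=../x HTTP/1.1" 200 40
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# ".." as a whole path segment, delimited by / \ = & ? or the string ends.
TRAVERSAL_RE = re.compile(r'(^|[/\\=&?])\.\.([/\\]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_requests(log_text, servlet="DownloadFileServlet"):
    """Return (client, raw_uri, status) for servlet requests with '..' segments."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, uri, status = m.groups()
        if servlet.lower() not in uri.lower():
            continue
        if TRAVERSAL_RE.search(fully_decode(uri)):
            hits.append((client, uri, int(status)))
    return hits


if __name__ == "__main__":
    for client, uri, status in find_traversal_requests(SAMPLE_LOG):
        # A 2xx status on a flagged request deserves priority review.
        print(f"{client} status={status} {uri}")
```

On hosts still running a version prior to 10.7, a flagged request answered with a 2xx status is the case to review first.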

Solution:

Update to version 10.7.

Resources:

SolarWinds:

ZDI:

Secunia:

Date created: 24 Farvardin 1393
