Aladdin eToken PKI Client ETV File Remote Code Execution Vulnerability
BID:39370
Info
Aladdin eToken PKI Client ETV File Remote Code Execution Vulnerability
| Bugtraq ID: | 39370 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2010 12:00AM |
| Updated: | May 31 2010 11:00AM |
| Credit: | LiquidWorm |
| Vulnerable: |
Aladdin Enterprises eToken PKI Client 4.5 |
| Not Vulnerable: |
Aladdin Enterprises eToken PKI Client 5.1 |
Discussion
Aladdin eToken PKI Client ETV File Remote Code Execution Vulnerability
Aladdin eToken PKI Client is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
Aladdin eToken PKI Client 4.5 is vulnerable; other versions may also be affected.
Aladdin eToken PKI Client is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
Aladdin eToken PKI Client 4.5 is vulnerable; other versions may also be affected.
Exploit / POC
Aladdin eToken PKI Client ETV File Remote Code Execution Vulnerability
The following proof-of-concept is available:
The following proof-of-concept is available:
Solution / Fix
Aladdin eToken PKI Client ETV File Remote Code Execution Vulnerability
Solution:
The vendor released eToken PKI Client version 5.1 to address this issue. Please see the references and contact the vendor for more information.
Solution:
The vendor released eToken PKI Client version 5.1 to address this issue. Please see the references and contact the vendor for more information.
References
Aladdin eToken PKI Client ETV File Remote Code Execution Vulnerability
References:
References:
- eToken PKI Client (Aladdin Enterprises)