Dream Report Multiple Remote Code Execution and Cross-Site Scripting Vulnerabilities

Bugtraq ID:	51655
Class:	Input Validation Error
CVE:	CVE-2011-4038 CVE-2011-4039
Remote:	Yes
Local:	No
Published:	Jan 24 2012 12:00AM
Updated:	Feb 08 2012 07:00PM
Credit:	Billy Rios and Terry McCorkle
Vulnerable:	Ocean Data Systems Dream Reports 3.0 Invensys Wonderware HMI Reports 3.42.835.0304
Not Vulnerable:	Ocean Data Systems Dream Reports 4.0

Dream Report Multiple Remote Code Execution and Cross-Site Scripting Vulnerabilities

Dream Report is prone to a cross-site scripting vulnerability and a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.

Attackers can exploit these issues to execute arbitrary code in the context of the webserver, compromise the affected application, and steal cookie-based authentication credentials from legitimate users of the site. Other attacks are also possible.

These issues affect Dream Report Versions prior to 4.0.

Dream Report Multiple Remote Code Execution and Cross-Site Scripting Vulnerabilities

To exploit a cross-site scripting issue, an attacker must entice an unsuspecting user to follow a malicious URI.

Currently, we are not aware of any working exploits for the remote code-execution issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Dream Report Multiple Remote Code Execution and Cross-Site Scripting Vulnerabilities

Solution:
The vendor released an update. Please see the references for more information.

Dream Report Multiple Remote Code Execution and Cross-Site Scripting Vulnerabilities

References:

• Dream Report Homepage (Ocean Data Systems)
  
• ICSA-12-024-01�??OCEAN DATA SYSTEMS DREAM REPORTS XSS AND WRITE ACCESS VIOLATION V (ICS-CERT)
  
• ICSA-12-039-01�??INVENSYS WONDERWARE HMI REPORTS XSS AND WRITE ACCESS VIOLATION VU (ICS-CERT)