Mindjet MindManager 2012 DLL Loading Arbitrary Code Execution Vulnerabilities
BID:51767
Info
Mindjet MindManager 2012 DLL Loading Arbitrary Code Execution Vulnerabilities
| Bugtraq ID: | 51767 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 31 2012 12:00AM |
| Updated: | Jan 31 2012 12:00AM |
| Credit: | Gjoko Krstic |
| Vulnerable: |
MindJet MindManager 2012 10.0.493 |
| Not Vulnerable: | |
Discussion
Mindjet MindManager 2012 DLL Loading Arbitrary Code Execution Vulnerabilities
Mindjet MindManager 2012 is prone to multiple vulnerabilities that let attackers execute arbitrary code.
An attacker can exploit these issues by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
Mindjet MindManager 2012 is prone to multiple vulnerabilities that let attackers execute arbitrary code.
An attacker can exploit these issues by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
Exploit / POC
Mindjet MindManager 2012 DLL Loading Arbitrary Code Execution Vulnerabilities
Attackers must entice a user into opening a file on a remote WebDAV or SMB share to exploit these issues.
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
Attackers must entice a user into opening a file on a remote WebDAV or SMB share to exploit these issues.
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
Solution / Fix
Mindjet MindManager 2012 DLL Loading Arbitrary Code Execution Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Mindjet MindManager 2012 DLL Loading Arbitrary Code Execution Vulnerabilities
References:
References:
- Application DLL Load Hijacking (HD Moore)
- Exploiting DLL Hijacking Flaws (hdm)
- Microsoft Security Advisory 2269637 Released (Microsoft)
- MindManager 2012 Homepage (Mindjet)
- More information about the DLL Preloading remote attack vector (Microsoft)
- Microsoft Security Advisory (2269637) (Microsoft)
- Mindjet MindManager 2012 v10.0.493 Multiple Remote Vulnerabilities (Gjoko Krstic)