7T AQUIS DLL Loading Arbitrary Code Execution Vulnerability
BID:52070
Info
7T AQUIS DLL Loading Arbitrary Code Execution Vulnerability
| Bugtraq ID: | 52070 |
| Class: | Design Error |
| CVE: |
CVE-2012-0224 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 17 2012 12:00AM |
| Updated: | Feb 17 2012 12:00AM |
| Credit: | Kuang-Chun Hung |
| Vulnerable: |
7-Technologies AQUIS 1.5 |
| Not Vulnerable: | |
Discussion
7T AQUIS DLL Loading Arbitrary Code Execution Vulnerability
7T AQUIS is prone to a vulnerability which allows attackers to execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
AQUIS 1.5 and prior versions are vulnerable.
7T AQUIS is prone to a vulnerability which allows attackers to execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
AQUIS 1.5 and prior versions are vulnerable.
Exploit / POC
7T AQUIS DLL Loading Arbitrary Code Execution Vulnerability
Attackers must trick a user into opening a file on a remote WebDAV or SMB share to exploit this issue.
Attackers must trick a user into opening a file on a remote WebDAV or SMB share to exploit this issue.
Solution / Fix
7T AQUIS DLL Loading Arbitrary Code Execution Vulnerability
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
7T AQUIS DLL Loading Arbitrary Code Execution Vulnerability
References:
References:
- AQUIS Homepage (7-Technologies)
- ICSA-12-025-01�??7-TECHNOLOGIES AQUIS DLL HIJACKING (ICS-CERT)