Energizer DUO Charger USB Software Contains Trojan Software That Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1023693
SecurityTracker URL: http://securitytracker.com/id?1023693
CVE Reference: CVE-2010-0103
Date: Mar 8 2010
Impact: Execution of arbitrary code via network, User access via network
Exploit Included: Yes

Description:
A vulnerability was reported in the Energizer DUO Charger USB software. A remote user can execute arbitrary code on the target system.
The USB software installs a trojan file ('Arucer.dll') that receives and executes commands from remote users. The commands will run with the privileges of the target user.
The trojan listens on TCP port 7777 for commands.
The DUO Charger model CHUSB is affected.
The USB software is not distributed with the physical charger; it is available for download from the vendor's web site.
Symantec has assigned the label 'Trojan.Arugizer' to this trojan.
Ed Schaller reported this vulnerability to US-CERT.
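
A host triage check built from the two indicators the description gives (the file name 'Arucer.dll' and a listener on TCP port 7777), as an added example that is not part of the original alert. The netstat sample is constructed, and the function names and verdict labels are assumptions made for illustration; a port match alone can be an unrelated service, so the verdict escalates only when both indicators are present.

```python
import os

TROJAN_PORT = 7777          # listening port named in the advisory
TROJAN_FILE = "arucer.dll"  # file name from the advisory, compared case-insensitively

# Constructed sample of Windows `netstat -ano -p tcp` output (not real host data)
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:49177     203.0.113.5:7777       ESTABLISHED     3020
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

def listeners_on_port(netstat_text, port=TROJAN_PORT):
    """Return [(local_address, pid)] for TCP sockets LISTENING on `port`."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue  # skips headers, blank lines and non-TCP rows
        local, state, pid = fields[1], fields[3], fields[4]
        # rpartition splits on the last colon, so IPv6 literals like [::]:7777 work
        _host, _, local_port = local.rpartition(":")
        if state == "LISTENING" and local_port == str(port):
            hits.append((local, int(pid)))
    return hits

def find_trojan_file(root):
    """Walk `root` and return paths whose file name is Arucer.dll (any case)."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == TROJAN_FILE:
                found.append(os.path.join(dirpath, name))
    return found

def triage(netstat_text, root):
    """Combine both indicators into a verdict (labels are illustrative)."""
    ports = listeners_on_port(netstat_text)
    files = find_trojan_file(root)
    score = bool(ports) + bool(files)  # 0, 1 or 2 indicators present
    verdict = ("clean", "investigate", "likely-infected")[score]
    return {"listeners": ports, "files": files, "verdict": verdict}
```

The PID returned with each listener can be mapped to its owning process and loaded modules to confirm whether the DLL is the component holding the socket.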

Impact:
A remote user can execute arbitrary code on the target system.

Solution:
No solution was available at the time of this entry.

Vendor URL: www.energizer.com/

Cause: Configuration error

Underlying OS:

Message History: None.

Source Message Contents

Date: Mon, 08 Mar 2010 19:13:08 +0000
Subject: Energizer DUO Charger

http://www.symantec.com/connect/blogs/trojan-found-usb-battery-charger-software
http://www.kb.cert.org/vuls/id/154421
CVE-2010-0103