SecurityTracker.com
Category:   Application (Generic)  >   tinyBB
Vendors:   FrontRange Solutions
FrontRange Solutions iHEAT Active-X Component Lets Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016124
SecurityTracker URL:  http://securitytracker.com/id/1016124
CVE Reference:   CVE-2006-2511
Updated:  Sep 3 2009
Original Entry Date:  May 19 2006
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  

Description:   A vulnerability was reported in iHEAT. A remote authenticated user can execute arbitrary code on the target system.

The Active-X version of the product allows a remote authenticated user to upload a file whose extension is not associated with any application and attach the uploaded file to the current call. The user can then attempt to open the file. When the system prompts for the application to use to open the file, the user can select executable code.

A remote authenticated user can also use this method to view directory listings.

mcdanielar at hushmail.com reported this vulnerability.

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.frontrange.com/ProductsSolutions/Detail.aspx?id=53
Cause:   Access control error
Underlying OS:   Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents

Date:  16 May 2006 02:29:52 -0000
Subject:  FrontRange iHeat Vulnerability

A vulnerability has been found in FrontRange's iHeat product that allows users to gain access to the host machine through a logged on session or execute arbitrary code while using the active-x version of the product.

To reproduce the exploit, first upload a file with an extension that has not been associated to an application, attaching it to the current call.  Next attempt to open the file.  When prompted which application to use to open the file a file dialog appears.  In the file dialog, select and run the executable code you wish to run.  Cancel the dialog box.

This vulnerability also exposes the file system of the host machine in a similar manner.  The code runs in the context of the current user.  Necessary precautions should be taken to mitigate risk.

This vulnerability exists in all tested versions of iHeat that use active-x controls and may also exist in other FrontRange products.

Copyright 2014, SecurityGlobal.net LLC