Category:   Application (Generic)  >   tinyBB
Vendors:   FrontRange Solutions
FrontRange Solutions iHEAT Active-X Component Lets Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016124
SecurityTracker URL:
CVE Reference:   CVE-2006-2511   (Links to External Site)
Updated:  Sep 3 2009
Original Entry Date:  May 19 2006
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  

Description:   A vulnerability was reported in iHEAT. A remote authenticated user can execute arbitrary code on the target system.

The Active-X version of the product allows a remote authenticated user to upload a file having a file extension that is not associated with an application and attach the uploaded file to the current call. Then, the user can attempt to open the file. When the system requests which application should be used to open the file, the user can select executable code.

A remote authenticated user can also use this method to view directory listings.
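The flaw above is triggered by an attachment whose extension has no associated application, which pushes the client into an "Open With" prompt. The defender-side rule is an explicit allow-list of handler-backed extensions rather than a deny-list. The following is an added illustration of such a server-side check for a call-attachment upload, not FrontRange code; the allow-list contents and the `check_attachment` name are assumptions.

```python
"""Attachment extension policy for a help-desk upload flow (added example).

The rule: an attachment is accepted only if its final extension is on an
explicit allow-list of extensions the client is known to open with a
registered application. Files with no extension, with an unknown extension,
or with tricks such as a trailing dot or a double extension are rejected,
because those are exactly the cases that can end in an "Open With" prompt.
"""
from dataclasses import dataclass

# Constructed allow-list (assumption): extensions a help-desk client is
# expected to open with a known viewer. Anything not listed is refused.
ALLOWED_EXTENSIONS = frozenset({"txt", "pdf", "png", "jpg", "jpeg", "csv", "log"})


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def extension_of(filename: str) -> str:
    """Return the normalised final extension of a filename, or '' if none.

    Path components are discarded, trailing dots and spaces are stripped
    (Windows drops them when the file is written, so 'a.txt.' becomes
    'a.txt'), the result is lower-cased, and only the last extension counts,
    so 'report.txt.xyz' yields 'xyz', not 'txt'.
    """
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    stem = name.lstrip(".")          # a leading-dot name like '.hidden' has no extension
    if "." not in stem:
        return ""
    return stem.rsplit(".", 1)[-1]


def check_attachment(filename: str) -> Verdict:
    """Accept only attachments whose final extension has a known handler."""
    ext = extension_of(filename)
    if ext == "":
        return Verdict(False, "no extension: client would fall back to an Open With prompt")
    if ext not in ALLOWED_EXTENSIONS:
        return Verdict(False, f"extension '.{ext}' is not on the allow-list")
    return Verdict(True, f"extension '.{ext}' has a known handler")


if __name__ == "__main__":
    for sample in ("notes.txt", "payload.xyz", "README", "report.txt.xyz", "notes.txt."):
        print(sample, "->", check_attachment(sample))
```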

mcdanielar at reported this vulnerability.

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2000), Windows (2003)

Message History:   None.

Source Message Contents

Subject:  FrontRange iHeat Vulnerability

A vulnerability has been found in FrontRange's iHeat product that allows users to gain access to the host machine through a logged on session or execute arbitrary code while using the active-x version of the product.

To reproduce the exploit, first upload a file with an extension that has not been associated to an application, attaching it to the current call. Next attempt to open the file. When prompted which application to use to open the file a file dialog appears. In the file dialog, select and run the executable code you wish to run. Cancel the dialog box.

This vulnerability also exposes the file system of the host machine in a similar manner. The code runs in the context of the current user. Necessary precautions should be taken to mitigate risk.

This vulnerability exists in all tested versions of iHeat that use active-x controls and may also exist in other FrontRange products.


Copyright 2020, LLC