CPaint script execution
cpaint-script-execution (21846)
Description:
CPaint is vulnerable to script execution. A remote attacker could exploit this vulnerability to execute arbitrary script code.
Platforms Affected:
- CPAINT, CPAINT prior to 1.3-SP
Remedy:
Upgrade to the latest version of CPaint (1.3-SP or later), available from the CPaint Web site. See References.
Consequences:
Gain Access
References:
- BugTraq Mailing List, Mon Aug 15 2005 - 11:52:54 CDT, Vulnerability found in CPAINT Ajax Toolkit at http://archives.neohapsis.com/archives/bugtraq/2005-08/0197.html.
- CPaint Web site, CPAINT at http://cpaint.sourceforge.net/.
- BID-14565: CPaint Unspecified Command Execution and Information Disclosure Vulnerabilities
- BID-14577: CPaint xmlhttp Request Input Validation Vulnerability
- CVE-2005-2613: Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors.
- CVE-2005-2624: Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement.
- CVE-2005-2625: Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist.
- SA16462: CPAINT Ajax Toolkit Unspecified Command Execution Vulnerability
Reported:
Aug 15, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
