FrontRange iHEAT ActiveX unauthorized access
|frontrange-iheat-unauth-access (26711)||Medium Risk|
could allow a remote authenticated attacker to execute or gain access to arbitrary files on the host system. An attacker could exploit this vulnerability by uploading an arbitrary file with a file extension that has not been associated with an application and then attempting to open the uploaded file. The attacker could then use the "Open With" dialog box to open and execute any file on the system with the privileges of the current user.
Upgrade to the latest version of FrontRange iHEAT, available from the FrontRange iHEAT Web site. See References.
- BugTraq Mailing List, Mon May 15 2006 - 21:29:52 CDT: FrontRange iHeat Vulnerability.
- FrontRange Solutions Web site: HEAT iHEAT - FrontRange Solutions HEAT Help Desk Management Software.
- CVE-2006-2511: The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the Open With... dialog.
- OSVDB ID: 25742: FrontRange iHEAT External Application Arbitrary Code Execution
- SA20165: FrontRange iHEAT Host System Access Vulnerability
- SECTRACK ID: 1016124: FrontRange Solutions iHEAT Active-X Component Lets Remote Authenticated Users Execute Arbitrary Code
- FrontRange iHEAT
- Microsoft Windows 2000 Advanced Server
May 15, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this