FrontRange iHeat Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: FrontRange iHeat Vulnerability
From: mcdanielar@xxxxxxxxxxxx
Date: 16 May 2006 02:29:52 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

A vulnerability has been found in FrontRange's iHeat product that allows users 
to gain access to the host machine through a logged on session or execute 
arbitrary code while using the active-x version of the product.

To reproduce the exploit, first upload a file with an extension that has not 
been associated to an application, attaching it to the current call.  Next 
attempt to open the file.  When prompted which application to use to open the 
file a file dialog appears.  In the file dialog, select and run the executable 
code you wish to run.  Cancel the dialog box.

This vulnerability also exposes the file system of the host machine in a 
similar manner.  The code runs in the context of the current user.  Necessary 
precautions should be taken to mitigate risk.

This vulnerability exists in all tested versions of iHeat that use active-x 
controls and may also exist in other FrontRange products.

Prev by Date: Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise
Next by Date: POC exploit for freeFTPd 1.0.10
Previous by thread: Re: XSS in orkut.com
Next by thread: POC exploit for freeFTPd 1.0.10
Index(es):
- Date
- Thread