CVE-2015-8220 – SolarWinds DameWare Mini Remote Control URI Handler Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8220
Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link. Desbordamiento de buffer basado en pila en el manejador URI en DWRCC.exe, en SolarWinds DameWare Mini Remote Control en versiones anteriores a 12.0 HotFix 1, permite a atacantes remotos ejecutar código arbitrario a través de un argumento de línea de comandos manipulado en un enlace. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds DameWare Mini Remote Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DWRCC.exe. By crafting a malicious link, an attacker can trigger a stack buffer overflow while parsing the command-line arguments. • http://www.zerodayinitiative.com/advisories/ZDI-15-555 https://thwack.solarwinds.com/message/308973 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2004-1852
https://notcve.org/view.php?id=CVE-2004-1852
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information. • http://marc.info/?l=bugtraq&m=108016344224973&w=2 http://secunia.com/advisories/11205 http://securitytracker.com/id?1009557 http://www.dameware.com/support/security/bulletin.asp?ID=SB3 http://www.osvdb.org/4547 http://www.securityfocus.com/bid/9959 https://exchange.xforce.ibmcloud.com/vulnerabilities/15586 • CWE-319: Cleartext Transmission of Sensitive Information •