Vendor: Acunetix Web Vulnerability Scanner
By: Naser Farhadi
CVSS: 9.3 HIGH
Remote Code Execution
CWE: 94
Product Name: Acunetix Web Vulnerability Scanner
Affected Version From: <=9.5
Affected Version To: <=9.5
Patch Exists: YES
Related CWE: MS14-064
CPE: a:acunetix:acunetix_web_vulnerability_scanner
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2015
Acunetix OLE Automation Array Remote Code Execution
Acunetix Login Sequence Recorder (lsr.exe) uses the CoCreateInstance API from Ole32.dll to record the target login sequence. The exploit is based on MS14-064 (CVE-2014-6332). This Python script starts a sample HTTP server on your machine and serves the exploit code and a Metasploit windows/shell_bind_tcp executable payload. Finally, you can connect to the victim machine using Netcat.
Mitigation:
Update the vulnerable version of Acunetix to the latest version.