vendor:
Mercur
by:
mu-b
7.5
CVSS
HIGH
Remote Code Execution
Unknown
CWE
Product Name: Mercur
Affected Version From: 5.00.14
Affected Version To: 5.00.14
Patch Exists: NO
Related CWE: Unknown
CPE:
Platforms Tested: Windows
2006
Mercur v5.00.14 (win32) remote exploit
This exploit targets Mercur v5.00.14 on the Windows platform. It allows an attacker to execute arbitrary code on the target system by sending a specially crafted payload via an NTLM authentication request. The payload is sent in two parts, with the first part being a base64-encoded string and the second part containing various string and byte values. Upon successful exploitation, the attacker gains control over the target system.
Mitigation:
Update to a patched version of Mercur or apply appropriate security measures to protect against remote code execution attacks.