A vulnerability in DameWare Mini Remote Control may permit an unauthenticated attacker to execute arbitrary code on the system.
DameWare Mini Remote Control is a lightweight remote control program intended primarily for administrators and help desks to manage desktop systems.
A buffer overflow vulnerability has been discovered in versions of DameWare Mini Remote Control prior to 4.9.0. A remote attacker can send a specially crafted packet to the DameWare Mini Remote Control (default port 6129/TCP) to mimic a client and exploit this vulnerability. Since the buffer overflow occurs in a section of the code used to handle authentication, a remote unauthenticated attacker can execute arbitrary code on a system.
A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code.
Thanks to AD for reporting this vulnerability.
This document was written by Ken MacInnis.
|Date First Published:||2005-09-07|
|Date Last Updated:||2005-09-07 20:04 UTC|