Vulnerability Note VU#170905
DameWare Mini Remote Control vulnerable to buffer overflow via specially crafted authentication requests
A vulnerability in DameWare Mini Remote Control may permit an unauthenticated attacker to execute arbitrary code on the system.
DameWare Mini Remote Control is a lightweight remote control program intended primarily for administrators and help desks to manage desktop systems.
A buffer overflow vulnerability has been discovered in versions of DameWare Mini Remote Control prior to 4.9.0. A remote attacker can send a specially crafted packet to the DameWare Mini Remote Control (default port 6129/TCP) to mimic a client and exploit this vulnerability. Since the buffer overflow occurs in a section of the code used to handle authentication, a remote unauthenticated attacker can execute arbitrary code on a system.
A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|DameWare||Affected||07 Sep 2005||07 Sep 2005|
CVSS Metrics (Learn More)
Thanks to AD for reporting this vulnerability.
This document was written by Ken MacInnis.
- CVE IDs: Unknown
- Date Public: 31 Aug 2005
- Date First Published: 07 Sep 2005
- Date Last Updated: 07 Sep 2005
- Severity Metric: 18.73
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.