Code injection

2006-03-0223:02:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

JSON

The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established.

CPENameOperatorVersion
secure_clienteq8.11.0-build146

CPE	Name	Operator	Version
	secure_client	eq	8.11.0-build146

References

lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html

secunia.com/advisories/19082

securityreason.com/securityalert/524

www.securityfocus.com/archive/1/426480/100/0/threaded

www.securityfocus.com/bid/16906

exchange.xforce.ibmcloud.com/vulnerabilities/25251