Netop Remote Control DWS File Stack Buffer Overflow

2012-05-11T00:00:00
ID SAINT:108CD08BAF5E2433CA925EFCD5D81A83
Type saint
Reporter SAINT Corporation
Modified 2012-05-11T00:00:00

Description

Added: 05/11/2012
BID: 47631
OSVDB: 72291

Background

NetOp Remote Control provides secure remote control and support for workstations, servers, embedded systems, and mobile devices.

Problem

NetOp Remote Control is vulnerable to stack buffer overflow as a result of failing to properly sanitize user-supplied input. A remote attacker who can persuade a user to open a specially crafted .DWS file could cause remote code execution.

Resolution

Upgrade to version 10 or higher.

References

<http://packetstorm.crazydog.pt/1104-exploits/netopremotecontrol-overflow.txt>

Limitations

This exploit has been tested on Netop Remote Control Guest 9.52 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows