CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.828 High
Percentile: 98.4%
Added: 12/12/2011
CVE: CVE-2011-2397
BID: 50884
OSVDB: 77495
Iron Mountain Connected Backup is a solution for automatic online backup and recovery for Microsoft Windows and Mac OS X. An agent is installed on each computer that is to be backed up. The agent listens by default on TCP port 16388.
The Agent service in Iron Mountain Connected Backup allows remote attackers to execute arbitrary code via a crafted **opcode** 13 request that triggers use of the **LaunchCompoundFileAnalyzer** class to send request data to the **System.getRunTime.exec** method.
Updated versions are available through normal support channels (http://customers.autonomy.com, http://digitalresourcecenter.ironmountain.com).
<http://www.zerodayinitiative.com/advisories/ZDI-11-339/>
Exploit works on Iron Mountain Connected BackupPC 8.5.1.
Windows