Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload

2012-10-22T00:00:00
ID SAINT:7016B3945A4F9873760E8516DA286845
Type saint
Reporter SAINT Corporation
Modified 2012-10-22T00:00:00

Description

Added: 10/22/2012
CVE: CVE-2012-3811
BID: 54225
OSVDB: 83399

Background

Avaya IP Office is a unified communications solution for a mobile workforce.

Problem

The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be executed by a web request, leading to arbitrary command execution.
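The upload-then-execute sequence described above leaves a recognizable trace in web server logs. The following detection sketch is an added example, not part of the SAINT advisory or Avaya's code. It assumes IIS W3C logs with the fields shown, and the URL paths, addresses, extension list and time window are constructed for illustration.

```python
from datetime import datetime, timedelta

HANDLER = "imageupload.ashx"                        # handler named in the advisory
SCRIPT_EXTS = (".aspx", ".ashx", ".asmx", ".asp")   # assumption: server-executed types
WINDOW = timedelta(minutes=10)                      # assumption: correlation window

# Constructed sample log; paths are placeholders, IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2012-10-22 09:59:00 192.0.2.10 GET /EXAMPLE-APP/Default.aspx 200
2012-10-22 10:01:00 198.51.100.7 POST /EXAMPLE-APP/ImageUpload.ashx 200
2012-10-22 10:01:05 198.51.100.7 GET /EXAMPLE-APP/uploads/x.aspx 200
2012-10-22 10:01:30 192.0.2.10 GET /EXAMPLE-APP/Default.aspx 200
2012-10-22 10:30:00 192.0.2.10 POST /EXAMPLE-APP/ImageUpload.ashx 200
2012-10-22 10:30:03 192.0.2.10 GET /EXAMPLE-APP/uploads/logo.png 200
2012-10-22 10:50:00 192.0.2.10 GET /EXAMPLE-APP/Reports.aspx 200
"""

def find_suspect_uploads(log_text):
    """Flag script URLs first requested shortly after a successful upload POST."""
    fields, seen, last_upload, alerts = [], set(), None, []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]               # column names for following rows
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                                # skip directives and malformed rows
        rec = dict(zip(fields, parts))
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        stem = rec["cs-uri-stem"].lower()
        if stem.endswith("/" + HANDLER):
            if rec["cs-method"] == "POST" and rec["sc-status"].startswith("2"):
                last_upload = (ts, rec["c-ip"])     # remember the latest upload
            continue
        if stem.endswith(SCRIPT_EXTS):
            # A script path never seen before, appearing right after an upload,
            # is the pattern of interest. The requester may differ from the uploader.
            if stem not in seen and last_upload and ts - last_upload[0] <= WINDOW:
                alerts.append({"uploader": last_upload[1],
                               "script": rec["cs-uri-stem"],
                               "requested_by": rec["c-ip"],
                               "status": rec["sc-status"]})
            seen.add(stem)
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_uploads(SAMPLE_LOG):
        print(alert)
```

The baseline of known script paths is only as good as the log history fed in, so run it over enough pre-upload traffic to cover the application's normal pages.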

Resolution

Apply one of the fixes referenced in ASA-2012-222.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-106/>

Limitations

Exploit works on Avaya IP Office Customer Call Reporter 8.0.8.15.

Platforms

Windows