ZDI-11-061: EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability

ZDI-11-061: EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-061 February 7, 2011 -- CVE ID: CVE-2011-0647 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: EMC -- Affected Products: EMC Replication Manager ...

Design/Logic Flaw

The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542...

CVE-2011-0647

CVE-2011-0647 is a remote code execution vulnerability in EMC Replication Manager (embedded in NetWorker Module for Microsoft Applications) prior to version 5.3. The irccd.exe service exposes TCP port 6542 and accepts commands via an XML-based RunProgram function; an attacker can execute arbitrar...

EMC Replication Manager irccd.exe RunProgram Message Handling Arbitrary Command Execution

Binary data emcrmcclient.nbin...

EMC Replication Manager Client Control Service Remove Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Replication Manager Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within the irccd.exe process which listens by default on a TCP port around...