Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability

2009-09-23T00:00:00
ID ZDI-09-066
Type zdi
Reporter Stephen Fewer of Harmony Security (www.harmonysecurity.com)
Modified 2009-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists in the management web server listening by default on port 8080. The Java Servlet handling POST requests to the server does not properly sanitize user input. A specially crafted request can bypass authentication allowing an attacker to upload and execute arbitrary files. Successful exploitation can result in complete system compromise under SYSTEM credentials.
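The two defects the advisory names, an upload handler that never checks authentication and a client-supplied filename written unchanged where the server will execute it, side by side with a hardened handler. This is an added example, not part of this advisory and not Adobe's or RoboHelp Server's code; it is written in Python rather than as the Java servlet the advisory concerns, and the directories, extension list and function names are a hypothetical layout chosen for illustration.

```python
import posixpath
import re

# Hypothetical layout, not RoboHelp Server's: files under WEB_ROOT are served
# (and .jsp files executed) by the servlet container; UPLOAD_ROOT is a data
# directory the web server never serves.
WEB_ROOT = "/opt/app/webroot"
UPLOAD_ROOT = "/opt/app/data/uploads"
ALLOWED_EXT = {".txt", ".pdf", ".png"}
# One leading alphanumeric, then a tight charset: no separators, NULs, dotfiles.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,99}")


def vulnerable_upload(filename: str) -> str:
    """Destination the advisory's pattern would write to.

    No authentication check, and the client-supplied name is joined into the
    web root as-is: 'shell.jsp' lands where the container executes it, and
    '../../x' walks out of the web root entirely.  Returns the resolved path
    instead of writing a file so the behaviour can be asserted on.
    """
    return posixpath.normpath(posixpath.join(WEB_ROOT, filename))


def hardened_upload(authenticated: bool, filename: str) -> str:
    """Return the path a hardened handler would write to, or raise."""
    if not authenticated:
        raise PermissionError("authentication required before upload")

    # Drop every directory component the client sent, both '/' and '\' forms.
    name = posixpath.basename(filename.replace("\\", "/"))

    # Reject empty names, dotfiles, NUL bytes and anything outside the charset.
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"unacceptable filename: {filename!r}")

    # Extension allowlist.  A denylist of .jsp and friends is what gets bypassed
    # with .jspx, mixed case, double extensions and container-specific mappings.
    ext = posixpath.splitext(name)[1].lower()
    if ext not in ALLOWED_EXT:
        raise ValueError(f"extension not allowed: {ext!r}")

    # Belt and braces: the final path must still sit inside UPLOAD_ROOT, which
    # is never served, so even a permitted file can never be executed.
    dest = posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))
    if not dest.startswith(UPLOAD_ROOT + "/"):
        raise ValueError("path escaped upload root")
    return dest


def upload_outcome(authenticated: bool, filename: str) -> str:
    """Stored path, or the exception class that rejected the request."""
    try:
        return "stored:" + hardened_upload(authenticated, filename)
    except (PermissionError, ValueError) as exc:
        return "rejected:" + type(exc).__name__


if __name__ == "__main__":
    # Constructed inputs: a web shell name, a traversal, and a benign upload.
    for candidate in ("shell.jsp", "../../shell.jsp", "notes.txt"):
        print(f"{candidate!r:22} vulnerable -> {vulnerable_upload(candidate)}")
        print(f"{'':22} hardened   -> {upload_outcome(False, candidate)}"
              f" / {upload_outcome(True, candidate)}")
```

The vulnerable function shows why the advisory's "upload and execute" follows directly from the missing checks: the attacker picks both the name and, through traversal, the directory. The hardened version removes each precondition independently (authentication, client control of the path, executable extensions, and a served destination), so no single bypass is enough.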