Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2007-4149
Last Modified: 05 Nov 2012 10:44:33
Published: 03 Aug 2007 04:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4149

Summary

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder.

Vulnerable Systems

Application

  • Visionsoft Audit 12.4.0.0


References

BID - 25153

MISC - http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt

MISC - http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt

MISC - http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt

OSVDB - 42462


Last Updated: 27 May 2016 10:47:21