Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6033

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2007-6033
Last Modified 15 Nov 2008 12:00:00
Published 19 Nov 2007 09:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-6033

Summary

Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs.

Vulnerable Systems

Application

  • Wonderware Intouch 8.0


References

CERT-VN - VU#138633

BID - 26496

MISC - http://www.digitalbond.com/index.php/2007/11/19/wonderware-intouch-80-netdde-vulnerability-s4-preview/

SECUNIA - 27751

CONFIRM - http://pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsThreadID=2&NewsID=201804

OSVDB - 42398


Last Updated: 27 May 2016 10:46:22