Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2397

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-2397
Last Modified 16 Feb 2012 11:07:30
Published 05 Dec 2011 06:55:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2397

Summary

The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method.

Vulnerable Systems

Application

  • Iron Mountain Connected Backup 8.4

  • Ironmountain Connected Backup 8.4


References

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-339/

XF - iron-mountain-connected-command-exec(71602)

OSVDB - 77495


Last Updated: 27 May 2016 10:57:50