Working Resources Inc. BadBlue ext.dll command execution vulnerability

by Mario Miri on May 13th, 2003

Working Resources Inc. BadBlue software suffers from a vulnerability that could allow a remote attacker to gain unauthorized access to the vulnerable host. Due to an input validation error in the ext.dll component of the software, an attacker could cause the server to interpret *.hts files, which could lead to unauthorized execution of arbitrary administrative commands.


Vulnerable:
Working Resources Inc. BadBlue Enterprise Edition 1.5
Working Resources Inc. BadBlue Enterprise Edition 1.5.6 Beta
Working Resources Inc. BadBlue Enterprise Edition 1.6 Beta
Working Resources Inc. BadBlue Enterprise Edition 1.7
Working Resources Inc. BadBlue Enterprise Edition 1.7.2
Working Resources Inc. BadBlue Enterprise Edition 1.7.3
Working Resources Inc. BadBlue Enterprise Edition 1.7.4
Working Resources Inc. BadBlue Enterprise Edition 2.15
Working Resources Inc. BadBlue Personal Edition 1.5.6 Beta
Working Resources Inc. BadBlue Personal Edition 1.6 Beta
Working Resources Inc. BadBlue Personal Edition 1.7
Working Resources Inc. BadBlue Personal Edition 1.7.2
Working Resources Inc. BadBlue Personal Edition 1.7.3
Working Resources Inc. BadBlue Personal Edition 1.7.4
Working Resources Inc. BadBlue Personal Edition 2.15


Exploit / Proof Of Concept:
http://download.xatrix.org/prf/badblue1.txt


Solution:
The Personal Edition issue has been addressed in version 2.16 of the software.
Enterprise Edition users are advised to contact the vendor for upgrades.


Discovered by:
Matthew Murphy, [email protected]

