HomePentest-Tools.com Logo

DameWare Mini Remote Control < 12.0.3 Buffer Overflow Vulnerability (Windows) CVE-2016-2345

Severity
CVSSv3 Score
9.8
Vulnerability description

DameWare Mini Remote Control is prone to a local buffer overflow vulnerability.

Risk description

A certain message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfw. As a result, a specially crafted message can overflow into the bordering format field and subsequently overflow the stack frame. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the dwmrcs daemon.

Recommendation

Upgrade DameWare Mini Remote Control to version 12.0.3 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Mar 17, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available