|
|
| |
Credit:
The information has been provided by Symantec Vulnerability Research.
The original article can be found at: http://www.symantec.com/research
|
| |
Vulnerable Systems:
* RemoteDocs R-Viewer version 1.6.2836
Immune Systems:
* RemoteDocs R-Viewer version 1.6.3768
The problem is due to a design flaw in the R-Viewer application. It is possible to replace the normal encrypted RDZ file with a specially crafted RDZ file. The first file in this archive will be executed with current user privledges by the R-Viewer application based strictly on file extension alone.
To further compound this issue it may be possible for an attacker to gain other sensitive information from the R-Viewer application through easily predictable temporary directories that don't appear to expire content regularily. Included inside of these temorary directories are the unecnrypted copies of the documents the R-Viewer application has opened in the past.
Example:
C:\Program Files\RemoteDocs\Viewer\tmp\31325193(1) <-- First opening
C:\Program Files\RemoteDocs\Viewer\tmp\31325193(2) <-- Second opening
Vendor Response:
RemoteDocs Engineers have verified these issues and have resolved them in the latest product release R-Viewer 1.6.3768. RemoteDocs recommends all customers immediately obtain the newest version of R-Viewer to protect against these types of threats. RemoteDocs is unaware of any adverse customer impact from these issues. There are no known publicly available exploits.
Recommendation:
All users should upgrade to the latest version of R-Viewer 1.6.3768.
CVE Information:
CVE-2007-4750 and CVE-2007-4751
|
|
|
