Release date:
Updated on: 2013-07-26
Affected Systems:
Dameware DameWare Remote Support 9.x
Dameware DameWare Remote Support 10.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-3249
DameWare Remote Support is a solution for Remote management and Remote Support.
DameWare Remote Support has a boundary error when importing data in DameWare exportertool (dwexporter.exe), which can cause stack buffer overflow and allow execution of arbitrary code. To exploit this vulnerability, You Need To trick users into importing data through the "Add from text file" function.
<* Source: Parvez Anwar
Link: http://secunia.com/advisories/53096/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Dameware
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.dameware.com/technical-support.aspx