This Metasploit module exploits a command-injection vulnerability in Microsoft Host Integration Server 2006.
c29fc500b51166717571864080b46bfddba14e0c7ec73b2fd96c5ff4a63a9a81HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
6070bad84d5022ca04799b12d6ce60b15fd554e948e8ef474e0352b147691bcbiDefense Security Advisory 10.14.08 - Remote exploitation of an arbitrary command execution vulnerability in Microsoft Corp.'s Host Integration Server 2006 could allow an attacker to execute arbitrary code with the privileges of the affected service. The RPC interface exposes several methods that an unauthenticated attacker can use to execute arbitrary programs on the server. RPC opcodes 1 and 6 both allow an attacker to call the CreateProcess() function with full control over the application started, as well as the command line passed to it. This allows an attacker to run arbitrary programs on the server. iDefense has confirmed the existence of this vulnerability in Host Integration Server 2006. Previous versions may also be affected.
b9fe753909d642655b6aa83a4515cd2e1b53dc02408456d1fb3e5c5f01d9aca4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed