MondoSoft's MondoSearch File Creation Vulnerability

Reported September 24, 2003 by Jens H. Christensen.

 

 

VERSIONS AFFECTED

 

Mondosoft MondoSearch 5.1, 5.0, and 4.4 for Windows

 

DESCRIPTION

 

A vulnerability in Mondosoft MondoSearch for Windows can result in the execution of arbitrary code on the vulnerable computer. One of the default installation files, msmsetup.exe, contains a vulnerability that lets malicious users create files with user-specified content on the Web server or anywhere that the executing user (typically IUSR_xxx) has write access. For details about this vulnerability, see the discoverer's web site.

 

VENDOR RESPONSE

 

Mondosoft has released a patch for this vulnerability.

 

CREDIT          
Discovered by Jens H. Christensen.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish