AOH :: HP Unsorted F :: B06-2291.HTM

Frontrange iheat vulnerability



FrontRange iHeat Vulnerability
FrontRange iHeat Vulnerability



A vulnerability has been found in FrontRange's iHeat product that allows users to gain access to the host machine through a logged on session or execute arbitrary code while using the active-x version of the product.

To reproduce the exploit, first upload a file with an extension that has not been associated to an application, attaching it to the current call.  Next attempt to open the file.  When prompted which application to use to open the file a file dialog appears.  In the file dialog, select and run the executable code you wish to run.  Cancel the dialog box.

This vulnerability also exposes the file system of the host machine in a similar manner.  The code runs in the context of the current user.  Necessary precautions should be taken to mitigate risk.

This vulnerability exists in all tested versions of iHeat that use active-x controls and may also exist in other FrontRange products.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.