ID
VAR-E-201503-0456
CVE
| cve_id: | CVE-2014-9207 | Trust: 0.3 |
TITLE
Cimon CmnView CVE-2014-9207 DLL Loading Arbitrary Code Execution Vulnerability
Trust: 0.3
DESCRIPTION
Cimon CmnView is prone to a vulnerability that lets attackers execute arbitrary code.
Successful exploits will allow the attackers to execute arbitrary code in the context of the user running the affected application.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cimon | model: | cmnview | scope: | eq | version: | 3.0 | Trust: 0.3 |
| vendor: | cimon | model: | cmnview | scope: | eq | version: | 2.14.0.1 | Trust: 0.3 |
| vendor: | cimon | model: | cmnview | scope: | ne | version: | 3.02 | Trust: 0.3 |
EXPLOIT
Attackers must trick a user into opening a file on a remote WebDAV or SMB share to exploit this issue.
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Ivan Sanchez of Wise Security
Trust: 0.3
EXTERNAL IDS
| db: | ICS CERT | id: | ICSA-15-069-01 | Trust: 0.3 |
| db: | NVD | id: | CVE-2014-9207 | Trust: 0.3 |
| db: | BID | id: | 73027 | Trust: 0.3 |
REFERENCES
| url: | http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html | Trust: 0.3 |
| url: | https://ics-cert.us-cert.gov/advisories/icsa-15-069-01 | Trust: 0.3 |
| url: | http://www.cimon.com/eng/ | Trust: 0.3 |
| url: | http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx | Trust: 0.3 |
SOURCES
| db: | BID | id: | 73027 |
LAST UPDATE DATE
2022-07-27T09:40:16.508000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 73027 | date: | 2015-03-10T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 73027 | date: | 2015-03-10T00:00:00 |