ID
VAR-E-201609-0259
CVE
| cve_id: | CVE-2016-4526 | Trust: 0.3 |
TITLE
ABB DataManagerPro CVE-2016-4526 DLL Loading Local Code Execution Vulnerability
Trust: 0.3
DESCRIPTION
ABB DataManagerPro is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input.
A local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application.
ABB DataManagerPro versions 1.0.0 through 1.7.0 are vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | abb | model: | datamanagerpro | scope: | eq | version: | 1.7.0 | Trust: 0.3 |
| vendor: | abb | model: | datamanagerpro | scope: | eq | version: | 1.0.0 | Trust: 0.3 |
| vendor: | abb | model: | datamanagerpro | scope: | ne | version: | 1.7.1 | Trust: 0.3 |
EXPLOIT
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Andrea Micalizzi.
Trust: 0.3
EXTERNAL IDS
| db: | ICS CERT | id: | ICSA-16-259-02 | Trust: 0.3 |
| db: | NVD | id: | CVE-2016-4526 | Trust: 0.3 |
| db: | BID | id: | 92980 | Trust: 0.3 |
REFERENCES
| url: | http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html | Trust: 0.3 |
| url: | http://www.abb.com/ | Trust: 0.3 |
| url: | https://ics-cert.us-cert.gov/advisories/icsa-16-259-02 | Trust: 0.3 |
| url: | http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx | Trust: 0.3 |
| url: | http://blog.rapid7.com/?p=5325 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 92980 |
LAST UPDATE DATE
2022-07-27T09:51:47.811000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 92980 | date: | 2016-09-16T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 92980 | date: | 2016-09-16T00:00:00 |