SolarWinds DameWare Mini Remote Control < 12.0 Hotfix 1 DWRCC.exe RCE
High Nessus Plugin ID 86994
SynopsisThe remote host is running a remote management application that is affected by a remote code execution vulnerability.
DescriptionThe remote host is running a version of SolarWinds DameWare Mini Remote Control prior to 12.0 Hotfix 1. It is, therefore, affected by a remote code execution vulnerability due to a flaw in the DWRCC.exe URI handler that is triggered when handling certain command line arguments. An unauthenticated, remote attacker can exploit this by convincing a user to follow a link containing a crafted command line argument, resulting in a stack-based buffer overflow and the execution of arbitrary code.
SolutionUpgrade to SolarWinds DameWare Mini Remote Control v12.0 Hotfix 1 or later.