CVE-2019-9017
Published 2019-05-02

CVE-2019-9017: DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.
Priority: P261 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 20.59% (97.2th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | dameware_mini_remote_control | — | — |
Detection & IOCs (extracted from sources)
- Monitor execution of DWRCC.exe with a -m: argument containing an anomalously long string (300+ characters) as the machine name parameter, which is the overflow vector.
- The PoC constructs a 300-byte buffer of repeated 'A' characters passed to the -m: (machine host name) parameter; detect command-line invocations of DWRCC.exe where -m: is followed by an unusually large value.
- The exploit is delivered via VBScript (WScript.Shell / CreateObject) launching DWRCC.exe; monitor for scripting engines (wscript.exe/cscript.exe) spawning DWRCC.exe as a child process.
- Vulnerability is specific to the x64 build of DameWare Mini Remote Control version 10.0; other versions or architectures are not confirmed affected.
- The PoC was tested only on Windows 7 SP1 x64; exploit reliability on other Windows versions is unconfirmed.
- The overflow is triggered via the command-line -m: (machine name) parameter, not over the network; exploitation requires local or scripted execution of DWRCC.exe.
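
The process-creation checks in the list above, as an added example that is not part of the original page or of any vendor tooling: it flags DWRCC.exe launches whose -m: value is longer than 253 characters (the longest valid DNS name, so the 300-character case on this page is covered) or whose parent is wscript.exe/cscript.exe. The event field names, the placeholder install path and the sample events are constructed assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

MAX_HOSTNAME_LEN = 253  # longest valid DNS name; the page's PoC uses 300
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# -m: value, either quoted or running up to the next whitespace
M_ARG = re.compile(r'(?:^|\s)-m:(?:"([^"]*)"|(\S*))', re.IGNORECASE)

def machine_name_arg(cmdline):
    """Return the value given to -m:, or None when the switch is absent."""
    m = M_ARG.search(cmdline)
    if m is None:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)

def evaluate(event):
    """Return the findings for one process-creation event."""
    if basename(event["image"]).lower() != "dwrcc.exe":
        return []
    findings = []
    name = machine_name_arg(event["command_line"])
    if name is not None and len(name) > MAX_HOSTNAME_LEN:
        findings.append(f"oversized -m: value ({len(name)} chars)")
    parent = basename(event["parent_image"]).lower()
    if parent in SCRIPT_HOSTS:
        findings.append(f"spawned by script host {parent}")
    return findings

def scan(events):
    """Return (index, findings) for every event with at least one finding."""
    hits = [(i, evaluate(e)) for i, e in enumerate(events)]
    return [(i, f) for i, f in hits if f]

# Constructed sample events; the path and field names are placeholders.
DWRCC = r"C:\placeholder\DWRCC.exe"
SAMPLE_EVENTS = [
    {"image": DWRCC, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{DWRCC}" -m:WS-FINANCE-07'},
    {"image": DWRCC, "parent_image": r"C:\Windows\System32\wscript.exe",
     "command_line": f'"{DWRCC}" -m:' + "A" * 300},
    {"image": DWRCC, "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": f'"{DWRCC}" -M:"' + "A" * 300 + '"'},
    {"image": r"C:\Windows\notepad.exe",
     "parent_image": r"C:\Windows\System32\cscript.exe",
     "command_line": "notepad.exe -m:" + "A" * 300},
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS):
        print(index, "; ".join(findings))
```

The two signals are reported separately so that a script-launched DWRCC.exe with a normal host name can be triaged at lower severity than an oversized -m: value.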
CVSS provenance
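| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |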
- http://packetstormsecurity.com/files/152721/SolarWinds-DameWare-Mini-Remote-Control-10.0-Denial-Of-Service.html
- http://www.binaryworld.it/guidepoc.asp
- https://www.exploit-db.com/exploits/46793/