OSVDB ID: 6578 Title: WatchGuard ServerLock DLL Injection Arbitrary Module Execution |
Info |
|
|
Dates |
||||
|
|
Description |
Server Lock contains a flaw that may allow a malicious user to inject arbitrary DLLs. The issue is triggered when the OpenProcess() call is used and no sanity checks are performed. It is possible that the flaw may allow malicious DLL injection resulting in a loss of integrity. |
Classification |
Location:
Local Access Required
Attack Type: Input Manipulation Impact: Loss of Integrity Exploit: Exploit Available Disclosure: OSVDB Verified |
Solution |
Upgrade to version 2.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
Products |
|
References |
|
Credit |
|
elka.pw.edu.pl -