Juniper Networks

Signature Detail


  • Short Name: HTTP:EXPLOIT:MS-BACKUP-MGR
  • Severity: High
  • Recommended: Yes
  • Recommended Action: Drop
  • Category: HTTP
  • Keywords: Microsoft Windows Backup Manager Insecure Library Loading RCE
  • Release Date: 2011/01/14
  • Update Number: 1849
  • Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+

HTTP: Microsoft Windows Backup Manager Insecure Library Loading Code Execution


This signature detects attempts to exploit a known remote code execution vulnerability in Microsoft Backup Manager. The vulnerability is due to a design weakness in how Dynamic Link Libraries (DLLs) are loaded: the Windows Backup Manager does not correctly restrict the path used for loading external libraries. Remote attackers can exploit this by enticing target users to open a ".wbcat" file from a remote WebDAV or SMB share. A successful attack can result in the attacker-controlled library being loaded and arbitrary code being executed with the privileges of the logged-in user. If a user is logged on with administrative user rights, an attacker can take complete control of the affected system.

Extended Description

Microsoft Windows Backup ('sdclt.exe') is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.

Affected Products

  • Microsoft Windows Vista 1.0
  • Microsoft Windows Vista 2.0
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista Business SP1
  • Microsoft Windows Vista Enterprise
  • Microsoft Windows Vista Enterprise SP1
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Home Basic SP1
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Home Premium SP1
  • Microsoft Windows Vista SP1
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista Ultimate SP1
  • Microsoft Windows Vista
  • Microsoft Windows Vista Business 64-bit edition SP1
  • Microsoft Windows Vista Business 64-bit edition
  • Microsoft Windows Vista Enterprise 64-bit edition SP1
  • Microsoft Windows Vista Enterprise 64-bit edition
  • Microsoft Windows Vista Home Basic 64-bit edition SP1
  • Microsoft Windows Vista Home Basic 64-bit edition
  • Microsoft Windows Vista Home Premium 64-bit edition SP1
  • Microsoft Windows Vista Home Premium 64-bit edition
  • Microsoft Windows Vista Ultimate 64-bit edition SP1
  • Microsoft Windows Vista Ultimate 64-bit edition
  • Microsoft Windows Vista x64 Edition SP1
  • Microsoft Windows Vista x64 Edition

References

  • BugTraq: 42763
  • CVE: CVE-2010-3145

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.