[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://ift.tt/2yxXTNX
[+] ISR: ApparitionSec

Vendor:
=============
www.avaya.com

Product:
===========
Avaya IP Office (IPO)
v9.1.0 - 10.1

IP Office is Avaya's global midsize solution for enterprises, supporting up to 3,000 users at a single location with IP Office Select editions. For businesses with multiple locations, IP Office provides a powerful set of tools to help streamline operations, centralize management, and reduce total cost of ownership for converged networks. Using industry standards, IP Office enables companies to share resources, provide improved customer service, and keep mobile employees accessible.

Provides a hybrid PBX with TDM and IP telephony and trunk support.
Provides IP routing, switching and firewall protection between LAN and WAN (LAN2).

In addition to basic telephony services and voicemail, IP Office offers both hard phone and soft phone options.
Includes a robust set of tools for administration (Manager), call tracking (SMDR), and system monitoring and diagnostics (System Status Application).

Available editions: Basic, Essential, Preferred, Server, Server Select, Server with Virtualized Software, Server/Server Select hosted in the Cloud.

Vulnerability Type:
====================
ActiveX Remote Buffer Overflow

CVE Reference:
==============
CVE-2017-12969
ASA-2017-313

Security Issue:
================
The ViewerCtrl.ocx ActiveX component used by Avaya IP Office (IPO) can be exploited by remote attackers to potentially execute arbitrary attacker-supplied code. A user would have to visit a malicious webpage using Internet Explorer, where the exploit could be triggered.

Clsid: {27F12EFD-325D-4907-A2D2-C38A2B6D3334}
Safe for Script: False
Safe for Init: False

ACCESS_VIOLATION
8C4A77 MOV EAX,[ECX]

SEH Chain:
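
The following PowerShell audit is an added example, not part of the original advisory or of any Avaya tooling. It checks whether the control with the CLSID listed above is registered on a host and whether Internet Explorer's kill bit is set for it. The kill-bit location (the "ActiveX Compatibility" key, "Compatibility Flags" value 0x400) is the standard Internet Explorer mechanism and is an assumption added here, not something the advisory states.

```powershell
# Added example: audit one Windows host for the ActiveX control in this advisory.
# The CLSID is taken from the advisory; everything else is standard IE behaviour.
$Clsid   = '{27F12EFD-325D-4907-A2D2-C38A2B6D3334}'
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE instantiating a control

# 32-bit IE tab processes on x64 Windows read the Wow6432Node view, so check both.
$Views = [ordered]@{
    '64-bit' = 'HKLM:\SOFTWARE'
    '32-bit' = 'HKLM:\SOFTWARE\Wow6432Node'
}

$Results = foreach ($View in $Views.GetEnumerator()) {
    if (-not (Test-Path -LiteralPath $View.Value)) { continue }   # no WOW64 view on x86 hosts

    $ClassKey  = Join-Path $View.Value "Classes\CLSID\$Clsid"
    $CompatKey = Join-Path $View.Value "Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

    # Is the control registered machine-wide, and which binary backs it?
    $Registered = Test-Path -LiteralPath $ClassKey
    $Binary = $null
    if ($Registered) {
        $Server = Get-ItemProperty -LiteralPath "$ClassKey\InprocServer32" -ErrorAction SilentlyContinue
        if ($Server) { $Binary = $Server.'(default)' }
    }

    # An absent key or value means no kill bit has been set.
    $Flags  = 0
    $Compat = Get-ItemProperty -LiteralPath $CompatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($Compat) { $Flags = [int]$Compat.'Compatibility Flags' }
    $Killed = ($Flags -band $KillBit) -ne 0

    [pscustomobject]@{
        View       = $View.Key
        Registered = $Registered
        Binary     = $Binary
        KillBitSet = $Killed
        Exposed    = $Registered -and -not $Killed
    }
}

$Results | Format-Table -AutoSize
if ($Results | Where-Object Exposed) {
    Write-Warning "Control $Clsid is registered without a kill bit on this host."
}
```

A host reported as exposed still has the control loadable by Internet Explorer; per-user registrations under HKCU are not covered by this check.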