[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GFI WebMonitor Admin UI Remote Script Code Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: GFI WebMonitor Admin UI Remote Script Code Injection
From: Oliver Karow <oliver.karow@xxxxxx>
Date: Wed, 25 Aug 2010 12:46:13 +0200

GFI WebMonitor Admin UI Remote Script Code Injection
====================================================

Affected Products/Versions
--------------------------

Product Name: GFI Webmonitor
Version Number: 2009
Build Number: 20100324
Platform: Microsoft Windows


Product/Company Information
---------------------------

GFI WebMonitor is a enterprise filtering and monitoring solution for web 
traffic, 
that also protects users against viruses, spyware, malware and phishing scams. 


From GFI's website:

                "GFI WebMonitor offers web security features that allow you to 
control your 
employees Internet access by monitoring what files employees are downloading, 
to 
block file types such as MP3s and to scan all files for viruses, spyware and 
malware 
using multiple antivirus engines. GFI WebMonitor lowers the risk of social 
engineering 
by blocking access to phishing websites through the use of an auto-updatable 
database 
of phishing urls. The web monitoring features also allow you to monitor and 
block 
Live Messengenger (MSN) chat sessions and file transfers."

GFI's Website can be found at http://www.gfi.com


Vulnerability Description
-------------------------

GFI WebMonitor works as a proxy for HTTP communication and is doing 
insufficient 
input filtering on data, send to the proxy port. This enables attackers to 
inject 
script code that will be executed within the GFI WebMonitor configuration UI.


Patch Information
-----------------

http://ftp.gfisoftware.com/patches/WebMon2009/20100324/WM2009_PATCH_20100823_01.zip


Advisory Information
---------------------

This: http://www.oliverkarow.de/research/GFIWebMonitor.txt
Blog: 
http://oliver.greyhat.de/2010/08/25/gfi-webmonitor-admin-ui-remote-script-code-injection/


History
-------

27/07/2010 - Informing GFI about vulnerability
28/07/2010 - Initial response from GFI
29/07/2010 - Sending full vulnerability description to GFI 
17/08/2010 - GFI sent fix for testing
20/08/2010 - Fix successfully tested, sent response to GFI
25/08/2010 - Advisory release

Prev by Date: Re: Web Tool Announcement: ismymailsecure.com
Next by Date: Re: Web Tool Announcement: ismymailsecure.com
Previous by thread: TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll)
Next by thread: Adobe Device Central CS5 DLL Hijacking Exploit (qtcf.dll)
Index(es):
- Date
- Thread