|CVSS SCORE||6.8, (AV:N/AC:M/Au:N/C:P/I:P/A:P)|
|TIPPINGPOINT™ IPS CUSTOMER PROTECTION||TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 20178. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the rlmswitch_process functionality of the Reprise License Manager service. The issue lies in the handling of the file parameter which can result in overwriting arbitrary files. When used along with the e3dit_opt_process functionality of the service, partially controlled data can be written to arbitrary files. An attacker could leverage this vulnerability to execute code under the context of logged-in user.
07/09/2015 - ZDI emailed vendor and requested contact