VULHUB ™

A vulnerability has been discovered in DameWare Mini Remote Control Server that could allow an unprivileged Windows user to gain SYSTEM privileges. The problem lies in the fact that DameWare Mini Remote Control Server runs with a window that has SYSTEM privileges, which is accessible by an unprivileged user. Due to a flaw in the Windows Messaging Subsystem, an attacker could exploit this issue by sending a malformed message to the target window, effectively triggering the execution of previously supplied instructions. It has been discovered that this issue only affects DMRCS when implementing specific client configurations. This vulnerability affects DWMRCS versions prior to 3.71.0.0. It should be noted that this BID previously stated that this issue was addressed in 3.70.0.0, which was incorrect.

A vulnerability has been discovered in DameWare Mini Remote Control Server that could allow an unprivileged Windows user to gain SYSTEM privileges. The problem lies in the fact that DameWare Mini Remote Control Server runs with a window that has SYSTEM privileges, which is accessible by an unprivileged user. Due to a flaw in the Windows Messaging Subsystem, an attacker could exploit this issue by sending a malformed message to the target window, effectively triggering the execution of previously supplied instructions. It has been discovered that this issue only affects DMRCS when implementing specific client configurations. This vulnerability affects DWMRCS versions prior to 3.71.0.0. It should be noted that this BID previously stated that this issue was addressed in 3.70.0.0, which was incorrect.