1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP RemoteDocs R-Viewer Code Exec

HTTP RemoteDocs R-Viewer Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in RemoteDocs R-Viewer caused by processing a maliciously formed RemoteDocs file.

Additional Information

RemoteDocs R-Viewer is a secure document viewer developed by RemoteDocs.

RemoteDocs R-Viewer is prone to multiple vulnerabilities:

- A remote code-execution vulnerability occurs because the application fails to handle specially crafted RDZ files. Specifically, the application fails to handle malicious code that is inserted into the first file of the RDZ archive.

- An information-disclosure vulnerability occurs because the application fails to protect unauthorized users from accessing directories with predictable names. An attacker could exploit this issue to access unencrypted copies of documents that have been opened by R-Viewer.

Successfully exploiting these issues will allow attackers to execute arbitrary code with the privileges of the currently logged-in user and to obtain sensitive information.

These issues affect R-Viewer 1.6.2836; prior versions may also be affected.

Affected

  • RemoteDocs R-Viewer 1.6.2836, 1.6.3768

Response

The vendor released an update to address these issues.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube