This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a remote code execution vulnerability in RemoteDocs R-Viewer caused by processing a maliciously formed RemoteDocs file.
RemoteDocs R-Viewer is a secure document viewer developed by RemoteDocs.
RemoteDocs R-Viewer is prone to multiple vulnerabilities:
- A remote code-execution vulnerability occurs because the application fails to handle specially crafted RDZ files. Specifically, the application fails to handle malicious code that is inserted into the first file of the RDZ archive.
- An information-disclosure vulnerability occurs because the application fails to protect unauthorized users from accessing directories with predictable names. An attacker could exploit this issue to access unencrypted copies of documents that have been opened by R-Viewer.
Successfully exploiting these issues will allow attackers to execute arbitrary code with the privileges of the currently logged-in user and to obtain sensitive information.
These issues affect R-Viewer 1.6.2836; prior versions may also be affected.
- RemoteDocs R-Viewer 1.6.2836, 1.6.3768
The vendor released an update to address these issues.