1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Fake Tech Support Website 34

Web Attack: Fake Tech Support Website 34

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to upload arbitrary files via directory traversal in Novell File Reporter application.

Additional Information

An arbitrary file-upload vulnerability occurs when handling requests on '/FSF/CMD' for records with NAME FSFUI and UICMD '130'. Specifically, this issue affects the 'NFRAgent.exe' file. An attacker can exploit this issue to execute arbitrary code and upload files to a host specified with the tag FILE with SYSTEM privileges

Affected

  • Novell File Reporter Agent 1.0.2
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube