Sunway ForceControl and pNetPower Multiple Security Vulnerabilities
September 22, 2011
Luigi Auriemma publically disclosed several
vulnerability affecting various components of the Sunway
ForceControl and pNetPower applications.
Sunway ForceControl and pNetPower is prone to multiple
security vulnerabilities. These vulnerabilities
include:
1. Stack Overflows (AngelServer, NetDBServer)
2. Integer Overflows (WebServer, NetDBServer)
3. Directory Traversal (WebServer)
4. ActiveX Control Code Execution (YRWXls.ocx - Cell
Software)
5. Information Disclosure (NetServer)
6. Denial of Service (AngelServer, NetDBServer)
Attackers can exploit these issues to execute arbitrary
code in the context of the affected application,
retrieve arbitrary files outside of the server root
directory, or cause denial-of-service conditions; other
attacks may also be possible.
Sunway ForceControl versions 6.1 sp3 and prior are
vulnerable.