Vulnerability title: Code Execution Vulnerability [LCE] in Dameware Mini Remote Control
Product: Mini Remote Control
Affected Version: 10.0.0.372
Fixed Version: 10.0 Hotfix 3
Reported by: Kyriakos Economou
Latest version of DameWare MRC v10.0.0.372, and possibly earlier versions, are vulnerable to arbitrary code execution when attempting to connect (or chat) to a host imported through a maliciously crafted MRCCv2.db file containing an invalid + long host name.
The PoC exploit uses full ROP to bypass DEP + ASLR. Tested in WinXP SP3 and Win7 (SP0, SP1), all 32-bit builds.
Furthermore, builds for Linux and Mac are possibly vulnerable to the same attack.
The exploit can also be triggered by importing the malicious file from a remote location.