QwikSec

Security Database

CVE

CWE

Training

CVE-2018-17980

Published: Oct 15, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.nomachine.com/TR10P08887

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/149784/NoMachine-5.3.26-Remote-Code-Execution.html

x_refsource_MISC

http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.