PT-2006-7198 · Hyperaccess+1 · Hyperaccess+1
Brett Moore
·
Published
2006-12-15
·
Updated
2018-10-17
·
CVE-2006-6596
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
HyperAccess version 8.4
Description
The issue allows remote attackers to execute arbitrary vbscript and commands via a session file, which can be automatically opened using Internet Explorer.
Recommendations
For HyperAccess version 8.4, consider disabling the automatic opening of session files in Internet Explorer as a temporary workaround until a patch is available. Restrict access to .HAW files to minimize the risk of exploitation. Avoid using Internet Explorer to open untrusted session files until the issue is resolved.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hyperaccess
Internet Explorer