PT-2007-5345 · Visionsoft · Visionsoft Audit

Published: 2007-08-03

Updated: 2012-11-06

CVE-2007-4149

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Visionsoft Audit version 12.4.0.0

Description

The issue concerns the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit, where certain commands do not require authentication. Specifically, the LOG. command allows remote attackers to create or overwrite arbitrary files, potentially leading to code execution by writing to a Startup folder. The SETTINGSFILE command enables remote attackers to overwrite the ini file, reconfigure VSAOD, or cause a denial of service. Additionally, the UNINSTALL command allows remote attackers to cause a denial of service by shutting down the daemon.

Recommendations

For Visionsoft Audit version 12.4.0.0, consider implementing authentication for the LOG., SETTINGSFILE, and UNINSTALL commands to prevent unauthorized access. As a temporary workaround, restrict access to these commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related identifiers

CVE-2007-4149

Affected products

Visionsoft Audit