The researcher was able to execute arbitrary JScript.NET code against the Iconics Genesis64 Control Server product.
While searching the file system for examples of the file types that Iconics Genesis64 handles by default, the researcher found something like a serialized object stored in a file that would be deserialized when the file is opened.
Some of the files are binary file formats. Some are compressed. Again, at this point in the process I’m just quickly scanning files for interesting strings and features, with no real expectations. However, when I scanned the “.gdfx” files the “ScriptCode” and “ScriptCodeManager” tags looked VERY interesting.
This is the vulnerability in the ICONICS Genesis64 Control Server’s handling of TDFX files. The researcher also showed a simple process for finding “new” attack surface in the code. Unfortunately, identifying attack surface that has not seen significant scrutiny is oftentimes all that is necessary to find and exploit critical vulnerabilities.
ZDI assigned CVE-2022-33317 to this vulnerability and ICONICS fixed it in version 10.97.2.
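An added example (not code from the original post, the researcher, or ICONICS): a defender's triage script that flags project files carrying the “ScriptCode” / “ScriptCodeManager” markers mentioned above, so they can be reviewed before anyone opens them. It assumes the markers appear as UTF-8 or UTF-16LE text, either directly or inside a gzip or zip container; the page does not describe the real on-disk layout, and the function names and the sample are constructed for illustration.

```python
import gzip
import io
import zipfile
import zlib
from pathlib import Path

# Tag names quoted in the write-up. Assumption: they are stored as UTF-8 or
# UTF-16LE text. "ScriptCode" also matches inside "ScriptCodeManager".
MARKERS = ("ScriptCode", "ScriptCodeManager")
MAX_BYTES = 64 * 1024 * 1024  # cap on decompressed bytes read per member


def _payloads(data):
    """Yield (label, bytes) for the raw data and any gzip/zip content."""
    yield "raw", data
    try:
        if data[:2] == b"\x1f\x8b":
            with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
                yield "gzip", fh.read(MAX_BYTES)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    with zf.open(info) as fh:
                        yield "zip:" + info.filename, fh.read(MAX_BYTES)
    except (OSError, EOFError, zlib.error, zipfile.BadZipFile, RuntimeError):
        pass  # corrupt or encrypted container: keep the raw-byte result


def scan_bytes(data):
    """Return sorted (container, marker) hits for one file's bytes."""
    hits = set()
    for label, blob in _payloads(data):
        for marker in MARKERS:
            if marker.encode("utf-8") in blob or marker.encode("utf-16-le") in blob:
                hits.add((label, marker))
    return sorted(hits)


def scan_tree(root, suffixes=(".gdfx", ".tdfx")):
    """Map each file under root with a listed suffix to its marker hits."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_bytes(path.read_bytes())
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample (not a real GENESIS64 file): a gzip-wrapped XML stub.
SAMPLE = gzip.compress(b"<Doc><ScriptCodeManager/></Doc>")
```

Calling `scan_tree()` on a share or mail-attachment drop directory returns only the files that carry a marker, keyed by path.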