Executive Summary
Summary | |
---|---|
Title | Energizer DUO USB battery charger software allows unauthorized remote system access |
Information | | | |
---|---|---|---|
Name | VU#154421 | First vendor Publication | 2010-03-05 |
Vendor | VU-CERT | Last vendor Modification | 2010-04-15 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#154421
Energizer DUO USB battery charger software allows unauthorized remote system access
Overview
The software available for the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.
I. Description
Energizer DUO is a USB battery charger. An optional Windows application that allows the user to view the battery charging status has been available on the Energizer website. The installer for the Energizer DUO software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory. When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key.
Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp. Note that Windows XP SP2 and later systems include a firewall by default. Upon running the Energizer UsbCharger software for the first time, a dialog similar to the following is displayed:
Removing the Energizer UsbCharger software will also remove the registry value that causes the backdoor to execute automatically when Windows starts. The Arucer.dll file will remain in the system32 directory, but the mechanisms for executing the code in the DLL will not be present.
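The indicators described above (a Run value that launches Arucer.dll, a listener on 7777/tcp, and the DLL left on disk after uninstall) can be checked against collected `reg query` and `netstat -ano` output. This is an added example, not part of the vulnerability note; the sample output, value names, entry-point name, PIDs, addresses and the status labels are constructed for illustration.

```python
import re

# Indicators named in the vulnerability note.
BACKDOOR_DLL = "arucer.dll"
BACKDOOR_PORT = "7777"
# One value line of `reg query` output: name, type, data separated by runs of spaces.
VALUE_LINE = re.compile(r"^\s+(.+?)\s{2,}(REG_\w+)\s{2,}(.*)$")

def run_key_hits(reg_output):
    """Return (value name, data) for Run values whose data references the DLL."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and BACKDOOR_DLL in m.group(3).lower():
            hits.append((m.group(1), m.group(3)))
    return hits

def listener_hits(netstat_output):
    """Return (local address, pid) for TCP sockets listening on the backdoor port."""
    hits = []
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == BACKDOOR_PORT:
                hits.append((f[1], f[4]))
    return hits

def classify(dll_on_disk, run_hits, listeners):
    """Separate a live backdoor from the leftover file the note says survives uninstall."""
    if listeners:
        return "active"        # something is accepting connections on 7777/tcp
    if run_hits:
        return "persistent"    # will be launched at the next Windows start
    if dll_on_disk:
        return "dormant-file"  # DLL present, no launch mechanism found
    return "clean"

# Constructed sample data (value names, entry point, PIDs and addresses are invented).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    ExampleCharger    REG_SZ    rundll32.exe C:\WINDOWS\system32\Arucer.dll,ExampleEntry
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       2312
  TCP    192.0.2.20:49777       198.51.100.5:7777      ESTABLISHED     4100
"""

if __name__ == "__main__":
    runs, listeners = run_key_hits(SAMPLE_REG), listener_hits(SAMPLE_NETSTAT)
    print(runs, listeners, classify(True, runs, listeners))
```

The third sample netstat line is an outbound connection to a remote port 7777 and is deliberately not flagged, since only a local listener matches the behaviour the note describes.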
References
Thanks to Ed Schaller for reporting this vulnerability. This document was written by Will Dormann.
Original Source
Url : http://www.kb.cert.org/vuls/id/154421 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-03-18 | Name : Energizer DUO USB Battery Charger Software Backdoor File : nvt/gb_energizer_duo_usb_unauth_access_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62782 | Energizer DUO USB Battery Charger Software Arucer.dll Trojaned Distribution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Arucer backdoor traffic - NOP command attempt RuleID : 25015 - Revision : 3 - Type : MALWARE-BACKDOOR |
2014-01-10 | Arucer backdoor traffic - write file attempt RuleID : 16488 - Revision : 5 - Type : MALWARE-BACKDOOR |
2014-01-10 | Arucer backdoor traffic - yes command attempt RuleID : 16487 - Revision : 5 - Type : MALWARE-BACKDOOR |
2014-01-10 | Arucer backdoor traffic - command execution attempt RuleID : 16486 - Revision : 6 - Type : MALWARE-BACKDOOR |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-03-08 | Name : The remote Windows host has a backdoor. File : arugizer_backdoor.nasl - Type : ACT_GATHER_INFO |
2010-03-08 | Name : The remote Windows host has a backdoor. File : energizer_duo_arugizer_backdoor.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-05-23 13:17:15 | |
2016-03-12 13:25:10 | |
2016-03-12 09:23:41 | |
2014-02-17 12:07:33 | |