Info

Disclosure

Sep 03, 2006

Discovery

Unknown

Dates

Exploit

Sep 03, 2006

Solution

Unknown

Description

Web Dictate contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user logs into the 'Admin' account with a null password. This flaw may lead to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to version 1.02 Release or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

NCH Swift Sound

Web Dictate

1.02 Beta

References

Security Tracker: 1016789
Bugtraq ID: 19836
CVE ID: 2006-4603 (see also: NVD)
Secunia Advisory ID: 21747
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0022.html
http://attrition.org/pipermail/vim/2006-October/001086.html
Vendor URL: http://nchsoftware.com/

Credit

Revnic Vasile - revnicgmail.com -

Direct URL: http://osvdb.org/28547