Iron Mountain Connected Backup Opcode 13 Processing Command Injection

Added: 12/12/2011
CVE: CVE-2011-2397
BID: 50884
OSVDB: 77495

Background

Iron Mountain Connected Backup is a solution for automatic online backup and recovery for Microsoft Windows and Mac OS X. An agent is installed on each computer that is to be backed up. The agent listens by default on TCP port 16388.

Problem

The Agent service in Iron Mountain Connected Backup allows remote attackers to execute arbitrary code via a crafted opcode 13 request. Processing this opcode triggers use of the LaunchCompoundFileAnalyzer class, which passes request data to the Java Runtime.getRuntime().exec() method, so attacker-supplied data is run as an operating-system command.

Resolution

Updated versions are available through normal support channels (http://customers.autonomy.com, http://digitalresourcecenter.ironmountain.com).

References

http://www.zerodayinitiative.com/advisories/ZDI-11-339/

Limitations

Exploit works on Iron Mountain Connected BackupPC 8.5.1.

Platforms

Windows
