Alchemy Eye Remote Command Execution Vulnerability

Alchemy Eye is a network monitor tool for Windows based environments. Alchemy Eye is maintained by Alchemy Labs.

A directory traversal issue exists in Alchemy Eye which could allow for remote command execution.

Successful exploitation can lead to attackers gaining access to the host.

The vendor attempted to fix this vulnerability, however Alchemy Eye remains vulnerable. On patched systems, attackers can traverse out of the root directory by placing MS-DOS device names before the first "../".


Privacy Statement
Copyright 2010, SecurityFocus