CVE-2010-1906 | Vulnerability Database | Aqua Security

tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the .pipe__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.

Affected Software

Name	Vendor	Start Version	End Version
Consona_dynamic_agent	Consona	- (including)	- (including)
Consona_repair_manager	Consona	*	*
Consona_subscriber_activation	Consona	*	*
Consona_subscriber_agent	Consona	*	*

References

http://secunia.com/advisories/39752
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
http://www.kb.cert.org/vuls/id/602801
http://www.securityfocus.com/archive/1/511176/100/0/threaded
http://www.wintercore.com/downloads/rootedcon_0day.pdf
http://secunia.com/advisories/39752
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf
http://www.kb.cert.org/vuls/id/602801
http://www.securityfocus.com/archive/1/511176/100/0/threaded
http://www.wintercore.com/downloads/rootedcon_0day.pdf

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1906
CWE	https://cwe.mitre.org/data/definitions/310.html