Emote Interactive Remote Mouse Server Command Injection Vulnerability Leading to Remote Code Execution
Vulnerability
A vulnerability in the Remote Mouse Server by Emote Interactive allows attackers to inject operating system commands via the application's custom control protocol. The issue arises because the protocol uses a simple substitution cipher sent in cleartext, and because the server relies on a default password when users do not set one. The vulnerability has been confirmed in version 4.110, which was the latest release at the time this CVE was filed.
Impact
Exploitation of this vulnerability allows for unauthenticated remote code execution on the affected system, with the executed code running under the user account that operates the Remote Mouse Server.
Reproduction
The vulnerability can be reproduced by sending crafted commands through the Remote Mouse Server's control protocol. This can be done using the Metasploit Framework, specifically the 'remote_mouse_rce' exploit module. The exploit connects to the target server, bypasses any password protection, and executes a payload that opens a command prompt on the target machine. The Metasploit module handles the injection of the payload and the execution process.
Remediation
Users are advised to update to Remote Mouse Server version 4.502 or later, as this version addresses the vulnerability by removing the default password and implementing other security measures.
