A vulnerability has been found in FrontRange's iHeat product that allows users to gain access to the host machine through a logged on session or execute arbitrary code while using the active-x version of the product. To reproduce the exploit, first upload a file with an extension that has not been associated to an application, attaching it to the current call. Next attempt to open the file. When prompted which application to use to open the file a file dialog appears. In the file dialog, select and run the executable code you wish to run. Cancel the dialog box. This vulnerability also exposes the file system of the host machine in a similar manner. The code runs in the context of the current user. Necessary precautions should be taken to mitigate risk. This vulnerability exists in all tested versions of iHeat that use active-x controls and may also exist in other FrontRange products.
