Description: Pravus has discovered two vulnerabilities in Diskeeper, which can be exploited by malicious people to cause a DoS (Denial of Service) or disclose certain system information.
The vulnerabilities are caused due to input validation errors within the Diskeeper service (DkService.exe) when handling arguments passed to RPC requests with opcode 0x01. These can be exploited to crash the service or gain knowledge of certain system information (e.g. Windows version, address of loaded modules) via a specially crafted RPC request sent to default port 31038/TCP.
The vulnerabilities are confirmed in Diskeeper 2007 - ProPremier and reportedly affects Diskeeper 9 Professional. Other versions may also be affected.
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
