Security Update for RemoteExec

IS Decisions just released RemoteExec 4.05, the latest version of our software solution designed to remotely perform installations, updates and system actions on Microsoft Windows servers and workstations. 

This security update resolves a Secunia reported vulnerability in RemoteExec 4.04 (and prior versions) that could be exploited to cause a stack-based buffer overflow by tricking a user into loading a “.rec” (RemoteExec Computers List) file having an overly long line (e.g. of 9000 characters).

Even though .rec files are not associated with RemoteExec, an administrator might still be tricked into loading a malicious “.rec” file, or a normally trusted “.rec” file could be altered if hosted in a compromised environment.
The requirement for user interaction and the trust factor significantly lower the criticality of the vulnerability, but they do not completely eliminate the risk.

We therefore strongly advise RemoteExec users to update their RemoteExec licenses as soon as possible.

RemoteExec 4.05 can be downloaded from IS Decisions website.

We wish to express our sincere thanks to Secunia and Parvez Anwar for helping us keeping our software solutions secure.