SUMMARY
The following vulnerability was found in DameWare Mini Remote Control: ( now Solarwinds )
CVE-2016-2345
A certain message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfw. As a result, a specially crafted message can overflow into the bordering format field and subsequently overflow the stack frame. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the dwmrcs daemon.
IMPACT
Access Vector:Local
Access Complexity:Low
Authentication:Not required to exploit
Impact Type:Allows unauthorized disclosure of information; code execution; disruption of service
Privilege Level:SYSTEM