CVE-2005-3650

Опубликовано: 17 нояб. 2005

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.

Ссылки

http://hack.fi/~muzzy/sony-drm/
http://secunia.com/advisories/17610
Vendor Advisory
http://www.freedom-to-tinker.com/?p=927
http://www.kb.cert.org/vuls/id/312073
Third Party Advisory
US Government Resource
http://www.osvdb.org/20887
http://www.securityfocus.com/bid/15430
http://www.vupen.com/english/advisories/2005/2454
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23063
http://hack.fi/~muzzy/sony-drm/
http://secunia.com/advisories/17610
Vendor Advisory
http://www.freedom-to-tinker.com/?p=927
http://www.kb.cert.org/vuls/id/312073
Third Party Advisory
US Government Resource
http://www.osvdb.org/20887
http://www.securityfocus.com/bid/15430
http://www.vupen.com/english/advisories/2005/2454
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23063

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:first4internet_xcp_drm:first4internet_xcp_drm:*:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.09353

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-8cj5-hxpv-xwgg

github

почти 4 года назад