CVE-2010-0990

Опубликовано: 15 июн. 2010

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method.

Ссылки

http://secunia.com/advisories/38970
Vendor Advisory
http://secunia.com/secunia_research/2010-52/
Vendor Advisory
http://www.securityfocus.com/archive/1/511795/100/0/threaded
http://www.securityfocus.com/bid/40768
http://secunia.com/advisories/38970
Vendor Advisory
http://secunia.com/secunia_research/2010-52/
Vendor Advisory
http://www.securityfocus.com/archive/1/511795/100/0/threaded
http://www.securityfocus.com/bid/40768

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:creative:autoupdate_engine_activex_control:2.0.12.0:*:*:*:*:*:*:*

cpe:2.3:a:creative:autoupdate:1.40.01:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05755

Низкий

10 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-c2cr-8883-w7cm

github

почти 4 года назад