CVE-2010-1909

Опубликовано: 12 мая 2010

Источник: nvd

CVSS2: 7.6

EPSS Средний

Описание

Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained from third party information.

Ссылки

http://secunia.com/advisories/39751
Vendor Advisory
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
http://www.kb.cert.org/vuls/id/602801
Patch
US Government Resource
http://www.securityfocus.com/archive/1/511176/100/0/threaded
http://www.wintercore.com/downloads/rootedcon_0day.pdf
Exploit
http://secunia.com/advisories/39751
Vendor Advisory
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
http://www.kb.cert.org/vuls/id/602801
Patch
US Government Resource
http://www.securityfocus.com/archive/1/511176/100/0/threaded
http://www.wintercore.com/downloads/rootedcon_0day.pdf
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*

cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*

cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*

cpe:2.3:a:consona:consona_live_assistance:*:*:*:*:*:*:*:*

cpe:2.3:a:consona:consona_subscriber_assistance:*:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.22785

Средний

7.6 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-m3qj-gw3q-pq38

github

больше 3 лет назад