exploitDog

CVE-2014-2956

Опубликовано: 08 июл. 2014

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site.

Комментарий

Per: http://www.kb.cert.org/vuls/id/960193

"This issue is addressed in AVG Secure Search toolbar version 18.1.7.598 and AVG Safeguard 18.1.7.644"

Ссылки

http://www.kb.cert.org/vuls/id/960193
US Government Resource
http://www.kb.cert.org/vuls/id/960193
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:avg:safeguard:*:*:*:*:*:*:*:*

Версия до 18.1.7 (включая)

cpe:2.3:a:avg:secure_search_toolbar:*:*:*:*:*:*:*:*

Версия до 18.1.7 (включая)

EPSS

Процентиль: 80%

0.01371

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-p3rw-869q-ccjh

github

больше 3 лет назад

ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site.

EPSS

Процентиль: 80%

0.01371

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-264