Описание
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges.
Ссылки
- ProductVendor Advisory
- Vendor Advisory
- ProductVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.0:sp-534:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.11259
Средний
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-190
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges.
EPSS
Процентиль: 93%
0.11259
Средний
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-190