Описание
EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.0.16 (включая)
cpe:2.3:a:eyesurfer:bflyinstallerx.ocx:*:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00233
Низкий
8.8 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-494
CWE-494
Связанные уязвимости
github
больше 3 лет назад
EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it.
EPSS
Процентиль: 46%
0.00233
Низкий
8.8 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-494
CWE-494