CVE-2005-3650

Sažetak

The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.

Reference

http://hack.fi/~muzzy/sony-drm/
http://secunia.com/advisories/17610
http://www.freedom-to-tinker.com/?p=927
http://www.kb.cert.org/vuls/id/312073
http://www.osvdb.org/20887
http://www.securityfocus.com/bid/15430
http://www.vupen.com/english/advisories/2005/2454
https://exchange.xforce.ibmcloud.com/vulnerabilities/23063

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-07-2017 - 01:33

Objavljeno

17-11-2005 - 11:02