CVE-2006-5820

Sažetak

The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.

Reference

http://osvdb.org/34318
http://secunia.com/advisories/24714
http://securityreason.com/securityalert/2513
http://www.kb.cert.org/vuls/id/478225
http://www.securityfocus.com/archive/1/464313/100/0/threaded
http://www.securityfocus.com/bid/23224
http://www.tippingpoint.com/security/advisories/TSRT-07-03.html
http://www.vupen.com/english/advisories/2007/1184
https://exchange.xforce.ibmcloud.com/vulnerabilities/33347

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-10-2018 - 21:45

Objavljeno

02-04-2007 - 22:19