CVE-2007-1891

Sažetak

Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=514
http://secunia.com/advisories/24900
http://www.kb.cert.org/vuls/id/120241
http://www.osvdb.org/34323
http://www.securityfocus.com/archive/1/465908/100/0/threaded
http://www.securityfocus.com/bid/23522
http://www.securitytracker.com/id?1017925
http://www.vupen.com/english/advisories/2007/1415

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-10-2018 - 16:41

Objavljeno

18-04-2007 - 03:19