CVE-2009-1606

Sažetak

Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Reference

http://secunia.com/advisories/35017
http://www.securityfocus.com/bid/34900
https://exchange.xforce.ibmcloud.com/vulnerabilities/50420
https://exchange.xforce.ibmcloud.com/vulnerabilities/50421
https://exchange.xforce.ibmcloud.com/vulnerabilities/50422
https://exchange.xforce.ibmcloud.com/vulnerabilities/50423

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-08-2017 - 01:30

Objavljeno

11-05-2009 - 20:00