CVE-2011-2386

Sažetak

VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.

Reference

http://osvdb.org/72464
http://secunia.com/advisories/44636
http://www.exploit-db.com/exploits/17317
http://www.securityfocus.com/bid/47948
http://www.stratsec.net/Research/Advisories/VisiWave-Site-Survey-Report-Trusted-Pointer-%28SS-20
http://www.visiwave.com/blog/index.php?/archives/4-Version-2.1.9-Released.html

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

27-04-2012 - 04:00

Objavljeno

08-06-2011 - 10:36