CVE-2015-4674

Sažetak

The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

Reference

http://seclists.org/fulldisclosure/2015/Jun/105
http://www.securityfocus.com/archive/1/535881/100/700/threaded
http://www.securityfocus.com/bid/75572

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-10-2018 - 19:57

Objavljeno

07-08-2015 - 01:59