CVE-2008-5364

Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754
http://www.adobe.com/support/security/bulletins/apsb08-19.html	Vendor Advisory
http://www.securityfocus.com/bid/32105
http://www.vupen.com/english/advisories/2008/3002	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nos_microsystems:getplus_download_manager:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-12-08 11:30

Updated : 2024-02-04 17:33

NVD link : CVE-2008-5364

Mitre link : CVE-2008-5364

CVE.ORG link : CVE-2008-5364

JSON object : View

Products Affected

nos_microsystems

getplus_download_manager

adobe

acrobat_reader

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2008-5364", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-12-08T11:30:06.110", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754", "source": "cve@mitre.org"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32105", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3002", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el control ActiveX getPlus en gp.ocx v1.2.2.50 en NOS Microsystems getPlus Download Manager, como el usado por el proceso de instalaci\u00f3n de Adobe Reader v8.1 y otras descargas, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados, siendo una vulnerabilidad diferente a CVE-2008-4817."}], "lastModified": "2010-10-25T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nos_microsystems:getplus_download_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A36AB0B-960E-4CA3-B543-D0E8F8C073B5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97E20936-EE31-4CEB-A710-3165A28BAD69"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}