CVE-2009-4661

Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.exploit-db.com/exploits/9695
http://www.exploit-db.com/exploits/9734
http://www.exploit-db.com/exploits/9695
http://www.exploit-db.com/exploits/9734

Configurations

Configuration 1 (hide)

cpe:2.3:a:bigantsoft:bigant_server:*:sp6:*:*:*:*:*:*

History

21 Nov 2024, 01:10

Type	Values Removed	Values Added
References	~~() http://www.exploit-db.com/exploits/9695 -~~	() http://www.exploit-db.com/exploits/9695 -
References	~~() http://www.exploit-db.com/exploits/9734 -~~	() http://www.exploit-db.com/exploits/9734 -

Information

Published : 2010-03-03 20:30

Updated : 2024-11-21 01:10

NVD link : CVE-2009-4661

Mitre link : CVE-2009-4661

CVE.ORG link : CVE-2009-4661

JSON object : View

Products Affected

bigantsoft

bigant_server

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2009-4661", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-03-03T20:30:00.523", "references": [{"url": "http://www.exploit-db.com/exploits/9695", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/9734", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/9695", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/9734", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en BigAnt Server 2.50 SP6 y versiones anteriores permiten a atacantes remotos asistidos por el usuario provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante un fichero XIP manipulado que no es manejado de manera adecuada cuando la victima usa el elemento de men\u00fa de la consola (1) Update o (2) Plug-In."}], "lastModified": "2024-11-21T01:10:09.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bigantsoft:bigant_server:*:sp6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8917F1B4-BA51-42C7-A498-9C2752C03E2C", "versionEndIncluding": "2.50"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.3 /10