CVE-2010-0990

Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/38970	Vendor Advisory
http://secunia.com/secunia_research/2010-52/	Vendor Advisory
http://www.securityfocus.com/archive/1/511795/100/0/threaded
http://www.securityfocus.com/bid/40768

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:creative:autoupdate_engine_activex_control:2.0.12.0:*:*:*:*:*:*:*

cpe:2.3:a:creative:autoupdate:1.40.01:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-06-15 14:04

Updated : 2024-02-04 17:54

NVD link : CVE-2010-0990

Mitre link : CVE-2010-0990

CVE.ORG link : CVE-2010-0990

JSON object : View

Products Affected

creative

autoupdate
autoupdate_engine_activex_control

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2010-0990", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-06-15T14:04:22.360", "references": [{"url": "http://secunia.com/advisories/38970", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/secunia_research/2010-52/", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/archive/1/511795/100/0/threaded", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/bid/40768", "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en Creative Software AutoUpdate Engine ActiveX Control v2.0.12.0, como el usado en Creative Software AutoUpdate 1.40.01, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relativos al m\u00e9todo BrowseFolder."}], "lastModified": "2018-10-10T19:55:13.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:creative:autoupdate_engine_activex_control:2.0.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36CFCA60-BF05-4892-81DD-BF6F6876B599"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:creative:autoupdate:1.40.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21B8C3DD-2839-47FF-90BF-DFDF04E373CF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}