CVE-2010-0108
🟠 Łataj w tym tygodniu
Przepełnienie bufora w ActiveX Symantec Client Proxy umożliwia zdalne wykonanie kodu.
CVSS
10.0
EPSS
13.2%
Exploit
none
Vendor
symantec
Opis źródłowy (NVD)
Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.
buffer-overflow
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 10.0 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 13.2% |
| Opublikowano (NVD) | 2010-02-19 17:30:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-29 01:13:23 UTC |
Referencje
- http://dsecrg.com/pages/vul/show.php?id=139 (cve@mitre.org)
- http://secunia.com/advisories/38651 (cve@mitre.org) [Vendor Advisory]
- http://www.securityfocus.com/archive/1/509681/100/0/threaded (cve@mitre.org)
- http://www.securityfocus.com/bid/38222 (cve@mitre.org)
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02 (cve@mitre.org)
- http://www.vupen.com/english/advisories/2010/0412 (cve@mitre.org) [Vendor Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56355 (cve@mitre.org)