Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:346278
HistoryDec 03, 2013 - 12:00 a.m.

AT&T Connect Participant Application for Windows v9.5.35 contains a stack-based buffer overflow vulnerability

2013-12-0300:00:00
www.kb.cert.org
18

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.5%

JSON

Overview

AT&T Connect Participant Application for Windows v9.5.35 and possibly earlier versions contain a stack-based buffer overflow (CWE-121) vulnerability.

Description

CWE-121: Stack-based Buffer Overflow

AT&T Connect Participant Application for Windows v9.5.35 and possibly earlier versions contain a stack-based buffer overflow vulnerability. AT&T Connect allows a user to join a web conference via a web browser. When joining a conference, AT&T provides the .SVT file for the user to open. Upon opening the file, the user is able to join the conference.

An attacker can send a malformed .SVT file to a victim which can allow the attacker to run arbitrary code in the context of the logged in user.

Impact

A remote unauthenticated attacker that is able to trick a user into opening a malicious .SVT file may be able to obtain sensitive information, cause a denial of service condition, or execute arbitrary code with the privileges of the application.

Solution

Apply an Update

AT&T has released Connect Participant Application for Windows v.9.5.51 to address this vulnerability. Affected users are advised to upgrade.

Vendor Information

346278

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

AT&T Affected

Notified: September 12, 2013 Updated: November 04, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 8.3 AV:N/AC:M/Au:N/C:P/I:P/A:C
Temporal 6.5 E:POC/RL:OF/RC:C
Environmental 1.6 CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Christopher Gabriel of Telos Corporation for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

CVE IDs: CVE-2013-6029
Date Public: 2013-11-12 Date First Published:

Related

cve 1
nvd 1
prion 1
cvelist 1
cve
cve
CVE-2013-6029
2013-12-04 18:25:23
nvd
nvd
CVE-2013-6029
2013-12-04 18:25:23
prion
prion
Stack overflow
2013-12-04 18:25:00
cvelist
cvelist
CVE-2013-6029
2013-12-04 02:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.5%

JSON
Related for VU:346278
cve1nvd1prion1cvelist1