AI Score: 8.7 High (Confidence: Low)
CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.111 Low (Percentile: 95.1%)
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.
CPE | Name | Operator | Version |
---|---|---|---|
tomahawk_technologies:steelarrow | tomahawk technologies steelarrow | eq | 4.1 |
archives.neohapsis.com/archives/vulnwatch/2002-q3/0085.html
online.securityfocus.com/archive/1/288013
www.iss.net/security_center/static/9888.php
www.iss.net/security_center/static/9889.php
www.iss.net/security_center/static/9890.php
www.nextgenss.com/advisories/steel-arrow-bo.txt
www.nextgenss.com/vna/tom-saro.txt
www.securityfocus.com/bid/4860
www.securityfocus.com/bid/5494
www.securityfocus.com/bid/5495
www.securityfocus.com/bid/5496
www.steelarrow.com/