Lucene search

K
cve[email protected]CVE-2008-1107
HistoryApr 17, 2009 - 12:30 a.m.

CVE-2008-1107

2009-04-1700:30:00
CWE-119
web.nvd.nist.gov
19
cve-2008-1107
buffer overflow
activex control
danske bank
e-sec
arbitrary code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.167 Low

EPSS

Percentile

96.1%

Multiple stack-based buffer overflows in the Danske Bank e-Sec Control Module ActiveX control (DanskeSikker.ocx) 3.1.0.48, and possibly earlier versions, allow remote attackers to execute arbitrary code via long arguments to unspecified methods, which are not properly handled by a logging function.

Affected configurations

NVD
Node
danskebankdanskesikker.ocxRange3.1.0.48

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.167 Low

EPSS

Percentile

96.1%