Lucene search

[email protected]CVE-2008-1307

HistoryMar 12, 2008 - 5:44 p.m.

CVE-2008-1307

2008-03-1217:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1307

heap-based buffer overflow

kupdateobj2

class activex control

kingsoft antivirus

remote code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.145 Low

EPSS

Percentile

95.8%

JSON

Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method.

Affected configurations

NVD

Node

kingsoftantivirus_online_update_moduleMatch2007.12.29.29

CPENameOperatorVersion
kingsoft:antivirus_online_update_modulekingsoft antivirus online update moduleeq2007.12.29.29

CPE	Name	Operator	Version
kingsoft:antivirus_online_update_module	kingsoft antivirus online update module	eq	2007.12.29.29

References

secunia.com/advisories/29204

www.securityfocus.com/bid/28172

www.vupen.com/english/advisories/2008/0857/references

exchange.xforce.ibmcloud.com/vulnerabilities/41088

www.exploit-db.com/exploits/5225

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.145 Low

EPSS

Percentile

95.8%

JSON

Related for CVE-2008-1307

cvelist1 nvd1 prion1