Lucene search
MitreCVE-2008-3435HistoryAug 01, 2008 - 2:41 p.m.
CVE-2008-3435
2008-08-0114:41:00
CWE-94
mitre
web.nvd.nist.gov
23
linkedin
browser toolbar
cve-2008-3435
update authenticity
code execution
man-in-the-middle
evilgrade
dns cache poisoning
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
High
EPSS
0.002
Percentile
56.9%
LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Affected configurations
Node
linkedinbrowser_toolbarRange≤3.0.3.1100
| Vendor | Product | Version | CPE |
|---|---|---|---|
| browser_toolbar | * | cpe:2.3:a:linkedin:browser_toolbar:*:*:*:*:*:*:*:* |
Related
kaspersky
kaspersky
KLA10244 ACE vulnerability in LinkedIn Browser Toolbar
2008-08-01 00:00:00
prion
prion
Design/Logic Flaw
2008-08-01 14:41:00
nvd
nvd
CVE-2008-3435
2008-08-01 14:41:00
cvelist
cvelist
CVE-2008-3435
2008-08-01 14:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
High
EPSS
0.002
Percentile
56.9%
Related for CVE-2008-3435