Lucene search

[email protected]CVE-2008-4396

HistoryOct 02, 2008 - 8:37 p.m.

CVE-2008-4396

2008-10-0220:37:29

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-4396

stack-based buffer overflow

safer networking

filealyzer

remote code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.5%

JSON

Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data.

Affected configurations

NVD

Node

safer_networkingfilealyzerMatch1.6.0.0

safer_networkingfilealyzerMatch1.6.0.4beta

CPENameOperatorVersion
safer_networking:filealyzersafer networking filealyzereq1.6.0.0
safer_networking:filealyzersafer networking filealyzereq1.6.0.4

CPE	Name	Operator	Version
safer_networking:filealyzer	safer networking filealyzer	eq	1.6.0.0
safer_networking:filealyzer	safer networking filealyzer	eq	1.6.0.4

References

forums.spybot.info/showthread.php?t=34737

lostmon.blogspot.com/2008/09/filealyzer-1604-stak-overflow.html

packetstormsecurity.org/0809-advisories/filealyzer-overflow.txt

www.securityfocus.com/bid/31474

exchange.xforce.ibmcloud.com/vulnerabilities/45516

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.5%

JSON

Related for CVE-2008-4396

prion1 nvd1 cvelist1