Lucene search

[email protected]CVE-2008-4508

HistoryOct 09, 2008 - 6:00 p.m.

CVE-2008-4508

2008-10-0918:00:00

CWE-119

[email protected]

web.nvd.nist.gov

tonec internet download manager

buffer overflow

remote attack

denial of service

arbitrary code execution

cve-2008-4508

nvd

8.3 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.027 Low

EPSS

Percentile

90.4%

JSON

Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. NOTE: this is probably a different vulnerability than CVE-2005-2210.

CPENameOperatorVersion
tonec_inc.:internet_download_managertonec inc. internet download managerle5.14
tonec_inc.:internet_download_managertonec inc. internet download managereq*

CPE	Name	Operator	Version
tonec_inc.:internet_download_manager	tonec inc. internet download manager	le	5.14
tonec_inc.:internet_download_manager	tonec inc. internet download manager	eq	*

References

downloads.securityfocus.com/vulnerabilities/exploits/31603.pl

www.securityfocus.com/bid/31603

exchange.xforce.ibmcloud.com/vulnerabilities/45711

8.3 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.027 Low

EPSS

Percentile

90.4%

JSON

Related for CVE-2008-4508

prion1 kaspersky1 cve1