Lucene search

[email protected]CVE-2008-5159

HistoryNov 18, 2008 - 9:30 p.m.

CVE-2008-5159

2008-11-1821:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2008-5159

integer overflow

remote administration protocol

denial of service

wincom lpd total 3.0.2.623

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

High

0.56 Medium

EPSS

Percentile

97.7%

JSON

Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.

Affected configurations

NVD

Node

clientsoftwarewincome_mpd_totalRange≤3.0.2.623

CPENameOperatorVersion
clientsoftware:wincome_mpd_totalclientsoftware wincome mpd totalle3.0.2.623

CPE	Name	Operator	Version
clientsoftware:wincome_mpd_total	clientsoftware wincome mpd total	le	3.0.2.623

References

aluigi.org/adv/wincomalpd-adv.txt

aluigi.org/poc/wincomalpd.zip

secunia.com/advisories/28763

securityreason.com/securityalert/4610

www.securityfocus.com/archive/1/487507/100/200/threaded

www.securityfocus.com/bid/27614

www.vupen.com/english/advisories/2008/0410

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

High

0.56 Medium

EPSS

Percentile

97.7%

JSON

Related for CVE-2008-5159

nvd1 cvelist1 packetstorm1 prion1 openvas2