ID CVE-2010-0679 Type cve Reporter NVD Modified 2010-02-23T00:00:00
Description
Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.
{"modified": "2010-02-23T00:00:00", "id": "CVE-2010-0679", "edition": 1, "objectVersion": "1.2", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0679", "cvelist": ["CVE-2010-0679"], "references": ["http://www.securityfocus.com/bid/38225", "http://packetstormsecurity.org/1002-exploits/hyleoschemview-heap.rb.txt", "http://www.exploit-db.com/exploits/11422", "http://packetstormsecurity.org/1002-advisories/chemviewx-overflow.txt", "http://www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf"], "bulletinFamily": "NVD", "lastseen": "2016-09-03T13:33:58", "title": "CVE-2010-0679", "published": "2010-02-22T16:30:00", "viewCount": 0, "type": "cve", "cpe": ["cpe:/a:hyleos:chemview:1.9.5.1"], "description": "Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.", "hash": "bf15923e48a1ab825b7f82c58e4c5d428810507157929e60d9fb9b8f495c2e86", "reporter": "NVD", "scanner": [], "assessment": {"system": "", "name": "", "href": ""}, "enchantments": {"vulnersScore": 4.7}}
{"result": {"exploitdb": [{"id": "EDB-ID:11422", "type": "exploitdb", "title": "Hyleos ChemView 1.9.5.1 - ActiveX Control Buffer Overflow Exploit meta", "description": "Hyleos ChemView v1.9.5.1 ActiveX Control Buffer Overflow Exploit (meta). CVE-2010-0679. Remote exploit for windows platform", "published": "2010-02-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/11422/", "cvelist": ["CVE-2010-0679"], "lastseen": "2016-02-01T14:16:48"}, {"id": "EDB-ID:16500", "type": "exploitdb", "title": "Hyleos ChemView ActiveX Control Stack Buffer Overflow", "description": "Hyleos ChemView ActiveX Control Stack Buffer Overflow. CVE-2010-0679. Remote exploit for windows platform", "published": "2010-07-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/16500/", "cvelist": ["CVE-2010-0679"], "lastseen": "2016-02-02T00:00:30"}], "openvas": [{"id": "OPENVAS:900749", "type": "openvas", "title": "Hyleos ChemView ActiveX Control Multiple Buffer Overflow Vulnerabilities", "description": "This host is installed with Hyleos ChemView ActiveX Control and is\n prone to multiple Buffer Overflow vulnerabilities.", "published": "2010-03-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=900749", "cvelist": ["CVE-2010-0679"], "lastseen": "2017-07-20T08:49:14"}, {"id": "OPENVAS:1361412562310900749", "type": "openvas", "title": "Hyleos ChemView ActiveX Control Multiple Buffer Overflow Vulnerabilities", "description": "This host is installed with Hyleos ChemView ActiveX Control and is\n prone to multiple Buffer Overflow vulnerabilities.", "published": "2010-03-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900749", "cvelist": ["CVE-2010-0679"], "lastseen": "2018-01-19T15:05:00"}], "packetstorm": [{"id": "PACKETSTORM:92197", "type": "packetstorm", "title": "Hyleos ChemView ActiveX Control Stack Buffer Overflow", "description": "", "published": "2010-07-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/92197/Hyleos-ChemView-ActiveX-Control-Stack-Buffer-Overflow.html", "cvelist": ["CVE-2010-0679"], "lastseen": "2016-12-05T22:25:27"}], "metasploit": [{"id": "MSF:EXPLOIT/WINDOWS/BROWSER/HYLEOS_CHEMVIEWX_ACTIVEX", "type": "metasploit", "title": "Hyleos ChemView ActiveX Control Stack Buffer Overflow", "description": "This module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods with an overly long first argument, an attacker can overrun a buffer and execute arbitrary code.", "published": "2010-07-27T02:25:15", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2010-0679"], "lastseen": "2018-04-16T12:26:58"}]}}