Lucene search

[email protected]CVE-2010-4556

HistoryDec 17, 2010 - 7:00 p.m.

CVE-2010-4556

2010-12-1719:00:24

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-4556

sap

netweaver

business client

buffer overflow

security vulnerability

remote code execution

activex

control

8.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.215 Low

EPSS

Percentile

96.4%

JSON

Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods.

Affected configurations

NVD

Node

sapnetweaver_business_client

CPENameOperatorVersion
sap:netweaver_business_clientsap netweaver business clienteq*

CPE	Name	Operator	Version
sap:netweaver_business_client	sap netweaver business client	eq	*

References

secunia.com/advisories/35796

www.securityfocus.com/bid/45396

www.securitytracker.com/id?1024890

www.vupen.com/english/advisories/2010/3239

www.zerodayinitiative.com/advisories/ZDI-10-290/

exchange.xforce.ibmcloud.com/vulnerabilities/64061

service.sap.com/sap/support/notes/1519966

8.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.215 Low

EPSS

Percentile

96.4%

JSON

Related for CVE-2010-4556

prion1 nvd1 cvelist1