Lucene search

[email protected]CVE-2012-0266

HistoryJan 15, 2012 - 3:55 a.m.

CVE-2012-0266

2012-01-1503:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-0266

stack-based buffer overflows

ntr activex control

remote code execution

security vulnerability

nvd

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.943 High

EPSS

Percentile

99.2%

JSON

Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.

CPENameOperatorVersion
ntrglobal:ntr_activex_controlntrglobal ntr activex controlle1.1.8

CPE	Name	Operator	Version
ntrglobal:ntr_activex_control	ntrglobal ntr activex control	le	1.1.8

References

archives.neohapsis.com/archives/bugtraq/2012-01/0074.html

osvdb.org/78252

secunia.com/advisories/45166

secunia.com/secunia_research/2012-1/

www.exploit-db.com/exploits/21841

exchange.xforce.ibmcloud.com/vulnerabilities/72291

exchange.xforce.ibmcloud.com/vulnerabilities/72292

exchange.xforce.ibmcloud.com/vulnerabilities/72293

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.943 High

EPSS

Percentile

99.2%

JSON

Related for CVE-2012-0266

cvelist1 checkpoint_advisories1 securityvulns2 prion1 packetstorm1 d21 nessus1