Lucene search

[email protected]CVE-2012-4177

HistoryAug 07, 2012 - 8:55 p.m.

CVE-2012-4177

2012-08-0720:55:04

CWE-78

[email protected]

web.nvd.nist.gov

ubisoft

uplay pc

web browser plugin

cve-2012-4177

remote code execution

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.853 High

EPSS

Percentile

98.6%

JSON

The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.

Affected configurations

NVD

Node

ubiuplay_pcRange≤2.0.3

ubiuplay_pcMatch2.0

ubiuplay_pcMatch2.0.1

ubiuplay_pcMatch2.0.2

CPENameOperatorVersion
ubi:uplay_pcubi uplay pcle2.0.3
ubi:uplay_pcubi uplay pceq2.0
ubi:uplay_pcubi uplay pceq2.0.1
ubi:uplay_pcubi uplay pceq2.0.2

CPE	Name	Operator	Version
ubi:uplay_pc	ubi uplay pc	le	2.0.3
ubi:uplay_pc	ubi uplay pc	eq	2.0
ubi:uplay_pc	ubi uplay pc	eq	2.0.1
ubi:uplay_pc	ubi uplay pc	eq	2.0.2

References

forums.ubi.com/showthread.php/699940-Uplay-PC-Patch-2-0-4-Security-fix

osvdb.org/84402

seclists.org/fulldisclosure/2012/Jul/375

www.bbc.com/news/technology-19053453

www.exploit-db.com/exploits/20321

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.853 High

EPSS

Percentile

98.6%

JSON

Related for CVE-2012-4177

checkpoint_advisories1 prion1 cvelist1 nessus1 nvd1