6 matches found
CVE-2017-7908
CVE-2017-7908 is a heap-based buffer overflow in the Gigasoft ActiveX controls embedded in GE Communicator (v5 and earlier). A malicious HTML file loading these controls can trigger unchecked function calls, enabling arbitrary code execution (and possible DoS) as described for Communicator 3.15 a...
CVE-2019-6548
GE Communicator is affected by CVE-2019-6548: all versions before 4.0.517 contain two backdoor accounts with hardcoded credentials that could allow control over the database. Impact is stated as high (C/H/I/H/A/H) with potential remote exploitation per public advisories. The remediation is to upg...
CVE-2019-6564
GE Communicator (before 4.0.517) is affected by CVE-2019-6564 in which a non-administrative user can place malicious files in the installer directory, potentially gaining administrative privileges during installation or upgrade. Affected components include the Communicator Installer, Application,...
CVE-2019-6544
CVE-2019-6544 affects GE Communicator before 4.0.517. A service runs with SYSTEM privileges, enabling an unprivileged user to perform certain administrative actions and potentially execute scheduled scripts with SYSTEM privileges. Impact and exploitability are context-dependent: some advisories i...
CVE-2019-6566
CVE-2019-6566 affects GE GE Communicator prior to 4.0.517. A non-administrative user can replace the uninstaller with a malicious version, potentially granting administrator privileges. Affected components include Communicator Installer, Communicator Application, Communicator PostgreSQL, Communic...
CVE-2019-6546
CVE-2019-6546 affects GE Communicator prior to 4.0.517. The issue allows placing malicious files in the program’s working directory, potentially enabling manipulation of widgets/UI elements. Affected component/behavior is described in multiple sources (NVD and ICS advisories). Remediation per PT ...