CVE-2010-1908 in Dynamic Agentinformazioni

Riassunto

di MITRE

The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

11/05/2010

Divulgazione

12/05/2010

Moderazione

accettato

Voce

VDB-53152

CPE

pronto

CWE

CWE-264 (confermato)

CVSS

9.3 (NVD)

EPSS

0.02336

KEV

Attività

molto basso

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2010-1908
NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1908
CVE Details	https://www.cvedetails.com/cve/CVE-2010-1908/

◂ Precedente Visione D'ensemble Il prossimo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!