VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-0990
autoupdate, autoupdate_engine_activex_control: Stack-based buffer overflow in Creative Software Au...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0990

Original

Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-06-15
Source Information Category:
Advisory, Alert
Last Updated:
2010-06-15




Affected Product Tags
cpe:/a:creative:autoupdate:1.40.01
cpe:/a:creative:autoupdate_engine_activex_control:2.0.12.0
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
BID 40768




BUGTRAQ 20100611 Secunia Research: Creative Software AutoUpdate Engine 2 ActiveX Control Buffer Overflow




MISC http://secunia.com/secunia_research/2010-52/




SECUNIA 38970




Vulnerability Type Buffer Errors (CWE-119)




Copyright © 2010 JPCERT/CC All Rights Reserved.