RSS   Vulnerabilities for 'Consona subscriber activation'   RSS

2010-05-12
 
CVE-2010-1906

CWE-310
 

 
tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.

 

 >>> Vendor: Consona 6 Products
Consona dynamic agent
Consona live assistance
Consona subscriber assistance
Consona repair manager
Consona subscriber activation
Consona subscriber agent


Copyright 2024, cxsecurity.com

 

Back to Top