Vulnerability CVE-2010-1912


Published: 2010-05-12   Modified: 2012-02-13

Description:
The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."

See advisories in our WLB2 database:
Topic
Author
Date
High
Consona Products - Multiple vulnerabilities
wintercore
23.05.2010

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Consona -> Consona dynamic agent 
Consona -> Consona live assistance 
Consona -> Consona subscriber assistance 

 References:
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
http://www.kb.cert.org/vuls/id/602801
http://www.securityfocus.com/archive/1/511176/100/0/threaded
http://www.wintercore.com/downloads/rootedcon_0day.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58607

Copyright 2024, cxsecurity.com

 

Back to Top