Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2003

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2003
Last Modified 29 Jan 2009 01:48:57
Published 28 Apr 2008 04:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2003

Summary

BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378.

Vulnerable Systems

Application

  • Badblue 2.72


References

XF - badblue-multiple-weak-security(42090)

BUGTRAQ - 20080424 DDIVRT-2008-11 BadBlue uninst.exe DoS

SREASON - 3832


Last Updated: 27 May 2016 10:47:44