Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1606

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-1606
Last Modified 12 May 2009 12:00:00
Published 11 May 2009 04:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1606

Summary

Multiple stack-based and heap-based buffer overflows in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll) 1.108.6.195 allow remote attackers to execute arbitrary code via long (1) baseurl, (2) kommune, (3) felter, (4) afdeling, (5) Flags, (6) HelpURL, (7) caburl, or (8) filename properties; or (9) a long argument to the Open method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Systems

Application

  • Dafolocontrol 1.108.6


References

XF - dafolo-filenames-bo(50423)

XF - dafolo-helpurl-caburl-bo(50422)

XF - dafolo-stringparsing-bo(50421)

XF - dafolo-baseurl-bo(50420)

BID - 34900

SECUNIA - 35017


Last Updated: 27 May 2016 10:50:36