Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4783

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-4783
Last Modified 27 Dec 2011 12:00:00
Published 27 Dec 2011 06:55:07
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4783

Summary

The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory.

Vulnerable Systems

Application

  • Google Idapython 1.2.0

  • Google Idapython 1.4.0

  • Google Idapython 1.4.1

  • Google Idapython 1.4.2

  • Google Idapython 1.4.3

  • Google Idapython 1.5.0

  • Google Idapython 1.5.1

  • Google Idapython 1.5.2


References

CONFIRM - http://code.google.com/p/idapython/downloads/detail?name=idapython-1.5.2.3_ida6.1_py2.6_win32.zip

XF - idapro-idb-code-execution(71936)

MISC - http://technet.microsoft.com/en-us/security/msvr/msvr11-015

SECUNIA - 47295

CONFIRM - http://code.google.com/p/idapython/source/detail?r=361


Last Updated: 27 May 2016 10:57:58