Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4177

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-4177
Last Modified 01 Apr 2013 11:19:51
Published 07 Aug 2012 04:55:04
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4177

Summary

The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.

Vulnerable Systems

Application

  • Ubi Uplay Pc 2.0

  • Ubi Uplay Pc 2.0.1

  • Ubi Uplay Pc 2.0.2

  • Ubi Uplay Pc 2.0.3


References

MISC - http://www.bbc.com/news/technology-19053453

FULLDISC - 20120729 Re: AxMan ActiveX fuzzing <== Memory Corruption PoC

OSVDB - 84402

CONFIRM - http://forums.ubi.com/showthread.php/699940-Uplay-PC-Patch-2-0-4-Security-fix

EXPLOIT-DB - 20321


Last Updated: 27 May 2016 10:53:34