Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0230

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2013-0230
Last Modified 27 Jul 2015 11:59:47
Published 31 Jan 2013 04:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-0230

Summary

Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.

Vulnerable Systems

Application

  • Miniupnp Project Miniupnpd 1.0


References

MISC - https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf

MISC - https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

MISC - https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

EXPLOIT-DB - 36839


Last Updated: 27 May 2016 11:08:54