Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2262

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2014-2262
Last Modified 03 Mar 2014 11:15:58
Published 28 Feb 2014 07:55:05
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2262

Summary

Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.

Vulnerable Systems

Application

  • Base Sas 9.2

  • Base Sas 9.3

  • Base Sas 9.4


References

MISC - https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140227-0_SAS_Buffer_overflow_v10.txt

BID - 65853

BUGTRAQ - 20140227 SEC Consult SA-20140227-0 :: Local Buffer Overflow vulnerability in SAS for Windows (Statistical Analysis System)

CONFIRM - http://support.sas.com/kb/51/701.html

SECUNIA - 57029


Last Updated: 27 May 2016 11:04:32