PT-2005-2184 · Musicmatch · Musicmatch+1
Robert Fly
·
Publicado
2005-04-18
·
Atualizado
2016-10-18
·
CVE-2005-1168
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Musicmatch versions 10.00.2047 and earlier
Description
The issue allows remote attackers to overwrite arbitrary files. This is achieved via the
bstrSavePath argument in the DiagCollectionControl.dll component.Recommendations
For Musicmatch versions 10.00.2047 and earlier, consider restricting access to the DiagCollectionControl.dll component until a patch is available. As a temporary workaround, avoid using the
bstrSavePath argument in sensitive operations to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Diagcollectioncontrol.Dll
Musicmatch