PT-2010-4130 · Realpage · Realpage Module Activex Controls

Publicado

2010-10-26

Atualizado

2010-10-28

CVE-2010-2585

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RealPage Module ActiveX Controls version 1.0.0.9

Description The issue concerns multiple buffer overflows in the RealPage Module Upload ActiveX control. This can be exploited by remote attackers to execute arbitrary code. The exploitation can occur via a long value in either the DestURL or SourceFile property.

Recommendations For version 1.0.0.9, consider restricting access to the RealPage Module Upload ActiveX control until a patch is available. As a temporary workaround, avoid using long values for the DestURL and SourceFile properties to minimize the risk of exploitation.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2010-2585

Produtos afetados

Realpage Module Activex Controls

PT-2010-4130 · Realpage · Realpage Module Activex Controls

CVE-2010-2585

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5