PT-2011-3942 · Uusee · Uuplayer Activex Control+1

Publicado

2011-08-09

Atualizado

2017-08-29

CVE-2011-2590

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions UUSee 2010 version 6.11.0609.2 UUPlayer ActiveX control version 6.0.0.1

Description The issue allows remote attackers to execute arbitrary programs. This is achieved via a UNC share pathname in the MPlayerPath parameter of the Play method in the UUPlayer ActiveX control.

Recommendations For UUSee 2010 version 6.11.0609.2, consider disabling the Play method in the UUPlayer ActiveX control until a patch is available. For UUPlayer ActiveX control version 6.0.0.1, restrict the use of the MPlayerPath parameter to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2011-2590

Produtos afetados

Uuplayer Activex Control

Uusee

PT-2011-3942 · Uusee · Uuplayer Activex Control+1

CVE-2011-2590

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6