PT-2010-3193 · Gigabyte · Gigabyte Dldrv2 Activex Control

Published

2010-08-02

Updated

2010-08-03

CVE-2010-1518

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GIGABYTE Dldrv2 ActiveX control version 1.4.206.11

Description The issue is related to an array index error in the SetDLInfo method of the GIGABYTE Dldrv2 ActiveX control. This error can be exploited by remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. The exploitation is possible via the item argument.

Recommendations For GIGABYTE Dldrv2 ActiveX control version 1.4.206.11, consider disabling the SetDLInfo method as a temporary workaround until a patch is available. Restrict access to the item argument in the affected ActiveX control to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2010-1518

Affected Products

Gigabyte Dldrv2 Activex Control

PT-2010-3193 · Gigabyte · Gigabyte Dldrv2 Activex Control

CVE-2010-1518

Weakness Enumeration

Related Identifiers

Affected Products

References · 3