PT-2010-4130 · Realpage · Realpage Module Activex Controls

Published

2010-10-26

Updated

2010-10-28

CVE-2010-2585

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RealPage Module ActiveX Controls version 1.0.0.9

Description The issue concerns multiple buffer overflows in the RealPage Module Upload ActiveX control. This can be exploited by remote attackers to execute arbitrary code. The exploitation can occur via a long value in either the DestURL or SourceFile property.

Recommendations For version 1.0.0.9, consider restricting access to the RealPage Module Upload ActiveX control until a patch is available. As a temporary workaround, avoid using long values for the DestURL and SourceFile properties to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2010-2585

Affected Products

Realpage Module Activex Controls

PT-2010-4130 · Realpage · Realpage Module Activex Controls

CVE-2010-2585

Weakness Enumeration

Related Identifiers

Affected Products

References · 5