- Description
- Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:antispyware:3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA43906A-1172-4155-8815-896D3973C712"
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin_internet_security_2007:15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E38ED6F1-56A1-47CB-95DD-2850C749EC66"
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin_internet_security_2007:15.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB1FCACF-F8FF-47A7-A560-D35B4AB5F64A"
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin_internet_security_2007:15.2_patch:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43ED8EF9-9DC7-4033-9636-8840E8645B1E"
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin_internet_security_2007:15.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2EEFFA7-F7B4-4743-BEE5-4DABF2CB4F6B"
}
],
"operator": "OR"
}
]
}
]