- Description
- Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method.
- Source
- PSIRT-CNA@flexerasoftware.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:creative:autoupdate_engine_activex_control:2.0.12.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36CFCA60-BF05-4892-81DD-BF6F6876B599"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:creative:autoupdate:1.40.01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21B8C3DD-2839-47FF-90BF-DFDF04E373CF"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]