CVE-2011-0323

Published Feb 7, 2011

Last updated 7 years ago

Overview

Description: Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allows remote attackers to execute arbitrary code by calling the exposed unsafe (1) SetLogFilePath and (2) SigMessage methods to create arbitrary files with arbitrary content.
Source: PSIRT-CNA@flexerasoftware.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:topazsystems:sigplus_pro_activex_control:3.95:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96B79327-3661-43C4-8D46-DE5A995FFF6A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References