- Description
- Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sas:base_sas:9.2:ts2m:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0677D062-8558-4441-BACC-6CEBDC2B8B3E"
},
{
"criteria": "cpe:2.3:a:sas:base_sas:9.3:ts1m1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05877F1C-C478-4B18-A431-52E1A54B573B"
},
{
"criteria": "cpe:2.3:a:sas:base_sas:9.3:ts1m2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF9B43DA-8B12-477F-8DAF-CA391F40AAFF"
},
{
"criteria": "cpe:2.3:a:sas:base_sas:9.4:ts1m0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EAD4553C-9EE8-4077-B25C-AC1261BC6D61"
}
],
"operator": "OR"
}
]
}
]