CVE-2015-0795

Published Jul 18, 2015

Last updated a year ago

Overview

Description: Multiple stack-based buffer overflows in the SafeShellExecute method in the NetIQExecObject.NetIQExec.1 ActiveX control in NetIQExec.dll in NetIQ Security Solutions for iSeries 8.1 allow remote attackers to execute arbitrary code via long arguments, aka ZDI-CAN-2699.
Source: security@opentext.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microfocus:security_solutions_for_iseries:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D548DC2-D747-42D8-AEAC-00336E0CA95D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References