| CVE-2008-1282 |
|
Published: 2008-03-10 19:44:00 |
| Last revised: 2011-03-07 22:06:27 |
| NMCO |
[Original] Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup before 1.0.802.29 allows remote attackers to execute arbitrary code via a long FilePath parameter.
[CNNVD] b21soft bfup buffer overflow vulnerability (CNNVD-200803-159)
A buffer overflow vulnerability exists in the BFup ActiveX control (BFup.dll) in B21Soft BFup before version 1.0.802.29. A remote attacker can execute arbitrary code via a long FilePath parameter.
–
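CVSS (base score)
| CVSS score: | 9.3 | [Severe (HIGH)] |
| Confidentiality impact: | COMPLETE | [Total information disclosure, exposing all system files] |
| Integrity impact: | COMPLETE | [System integrity can be completely compromised] |
| Availability impact: | COMPLETE | [May cause a complete shutdown of the system] |
| Attack complexity: | MEDIUM | [Exploitation requires certain access conditions] |
| Attack vector: | NETWORK | [The attacker does not need internal network access or local access] |
| Authentication: | NONE | [Exploitation requires no authentication] |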
–
CWE (weakness category)
| CWE-119 | [Improper Restriction of Operations within the Bounds of a Memory Buffer] |
–
CPE (affected platforms and products)
| Product and version information (CPE) is not yet available |
–
OVAL (technical details for detection)
| No related OVAL definitions found |
–
Official database links
–
Other links and resources
|
http://xforce.iss.net/xforce/xfdb/41050 (UNKNOWN) XF bfup-activex-bo(41050) |
|
http://www.vupen.com/english/advisories/2008/0797/references (UNKNOWN) VUPEN ADV-2008-0797 |
|
http://www.securityfocus.com/bid/28131 (UNKNOWN) BID 28131 |
|
http://www.hi-ho.ne.jp/babaq/bfupinfo.html (UNKNOWN) CONFIRM http://www.hi-ho.ne.jp/babaq/bfupinfo.html |
|
http://secunia.com/advisories/29260 (VENDOR_ADVISORY) SECUNIA 29260 |
|
http://jvn.jp/jp/JVN%2310606373/index.html (UNKNOWN) JVN JVN#10606373 |
–
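Vulnerability information
| b21soft bfup buffer overflow vulnerability | |
| High risk | Buffer overflow |
| 2008-03-10 00:00:00 | 2008-09-05 00:00:00 |
| Remote | |
| A buffer overflow vulnerability exists in the BFup ActiveX control (BFup.dll) in B21Soft BFup before version 1.0.802.29. A remote attacker can execute arbitrary code via a long FilePath parameter. | |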
–
Advisories and patches
|
The vendor has released an upgrade patch that fixes this security issue. Patch download link: B21Soft BFup 1.0.308 19 B21Soft BFup8229.CAB http://www.hi-ho.ne.jp/babaq/data/BFup8229.CAB |
–
Vulnerability information
42792 |
|
| B21Soft BFup ActiveX (BFup.dll) FilePath Property Overflow | |
Remote / Network Access, Context Dependent |
Input Manipulation |
| Loss of Integrity | Upgrade |
| Exploit Unknown | Vendor Verified |
–
Vulnerability description
–
Timeline
2008-03-06 |
Unknown |
| Unknown | Unknown |
–
Solution
| Upgrade to version 1.0.802.29 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
–
Related references
|
–
Vulnerability author
| Unknown or Incomplete |


