Lucene search

MitreCVE-2008-2511

HistoryJun 02, 2008 - 9:30 p.m.

CVE-2008-2511

2008-06-0221:30:00

CWE-22

mitre

web.nvd.nist.gov

cve-2008-2511

directory traversal

umxeventcli.cachedauditdatalist.1

activex control

ca internet security suite 2008

remote code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.102

Percentile

95.0%

JSON

Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a … (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

cainternet_security_suite_plus_2008

VendorProductVersionCPE
cainternet_security_suite_plus_2008*cpe:2.3:a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ca	internet_security_suite_plus_2008	*	cpe:2.3:a:ca:internet_security_suite_plus_2008::::::::

References

retrogod.altervista.org/9sg_CA_poc.html

secunia.com/advisories/30420

www.securityfocus.com/archive/1/492679/100/0/threaded

www.securitytracker.com/id?1020129

www.vupen.com/english/advisories/2008/1696/references

exchange.xforce.ibmcloud.com/vulnerabilities/42712

www.exploit-db.com/exploits/5682

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.102

Percentile

95.0%

JSON

Related for CVE-2008-2511