CVE-2010-1909

2010-05-1123:00:00

mitre

www.cve.org

7.9 High

AI Score

Confidence

Low

0.046 Low

EPSS

Percentile

92.6%

JSON

Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving “CreateProcess params.” NOTE: some of these details are obtained from third party information.

References

secunia.com/advisories/39751

wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html

www.kb.cert.org/vuls/id/602801

www.securityfocus.com/archive/1/511176/100/0/threaded

www.wintercore.com/downloads/rootedcon_0day.pdf