CVE-2010-0689

The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/62564
http://secunia.com/advisories/38716	Vendor Advisory
http://sotiriu.de/adv/NSOADV-2010-003.txt
http://sotiriu.de/demos/videos/nso-2010-003.html	Exploit
http://www.datev.de/info-db/1080162
http://www.securityfocus.com/archive/1/509743/100/0/threaded
http://www.securityfocus.com/bid/38415
http://www.vupen.com/english/advisories/2010/0474
https://exchange.xforce.ibmcloud.com/vulnerabilities/56530

Configurations

Configuration 1 (hide)

cpe:2.3:a:datev:base_system:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-02-26 19:30

Updated : 2024-02-28 11:41

NVD link : CVE-2010-0689

Mitre link : CVE-2010-0689

CVE.ORG link : CVE-2010-0689

JSON object : View

Products Affected

datev

base_system

CWE

NVD-CWE-Other

{"id": "CVE-2010-0689", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-02-26T19:30:00.713", "references": [{"url": "http://osvdb.org/62564", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/38716", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sotiriu.de/adv/NSOADV-2010-003.txt", "source": "cve@mitre.org"}, {"url": "http://sotiriu.de/demos/videos/nso-2010-003.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.datev.de/info-db/1080162", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/509743/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/38415", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0474", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56530", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors."}, {"lang": "es", "value": "El m\u00e9todo ExecuteExe en el control ActiveX DVBSExeCall v1.0.0.1 en DVBSExeCall.ocx en DATEV Base System (tambi\u00e9n conocido como Grundpaket Basis) permite a atacantes remotos a ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores no especificados."}], "lastModified": "2018-10-10T19:53:23.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:datev:base_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95D28E5E-985E-4465-80DD-627AF805DA2D"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/77.html\r\n\r\n\"CWE-77: Improper Sanitization of Special Elements used in a Command ('Command Injection')\"", "sourceIdentifier": "cve@mitre.org"}