CVE-2009-0305

Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://blackberry.com/btsc/KB16248	Patch Vendor Advisory
http://www.microsoft.com/technet/security/advisory/960715.mspx
http://secunia.com/advisories/33847	Vendor Advisory
http://www.securityfocus.com/bid/33663
http://osvdb.org/51833
http://www.kb.cert.org/vuls/id/131100	US Government Resource

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:research_in_motion_limited:blackberry_application_web_loader:1.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*

Information

Published : 2009-02-10 14:30

Updated : 2009-02-16 22:57

NVD link : CVE-2009-0305

Mitre link : CVE-2009-0305

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

microsoft

internet_explorer

research_in_motion_limited

blackberry_application_web_loader

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://blackberry.com/btsc/KB16248", "name": "http://blackberry.com/btsc/KB16248", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.microsoft.com/technet/security/advisory/960715.mspx", "name": "http://www.microsoft.com/technet/security/advisory/960715.mspx", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/33847", "name": "33847", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/33663", "name": "33663", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/51833", "name": "51833", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.kb.cert.org/vuls/id/131100", "name": "VU#131100", "tags": ["US Government Resource"], "refsource": "CERT-VN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0305", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2009-02-10T22:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:research_in_motion_limited:blackberry_application_web_loader:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2009-02-17T06:57Z"}