CVE-2010-0689

The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://sotiriu.de/adv/NSOADV-2010-003.txt
http://www.datev.de/info-db/1080162
http://sotiriu.de/demos/videos/nso-2010-003.html	Exploit
http://www.securityfocus.com/bid/38415
http://secunia.com/advisories/38716	Vendor Advisory
http://www.vupen.com/english/advisories/2010/0474
http://osvdb.org/62564
https://exchange.xforce.ibmcloud.com/vulnerabilities/56530
http://www.securityfocus.com/archive/1/509743/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:datev:base_system:*:*:*:*:*:*:*:*

Information

Published : 2010-02-26 11:30

Updated : 2018-10-10 12:53

NVD link : CVE-2010-0689

Mitre link : CVE-2010-0689

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

datev

base_system

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sotiriu.de/adv/NSOADV-2010-003.txt", "name": "http://sotiriu.de/adv/NSOADV-2010-003.txt", "tags": [], "refsource": "MISC"}, {"url": "http://www.datev.de/info-db/1080162", "name": "http://www.datev.de/info-db/1080162", "tags": [], "refsource": "CONFIRM"}, {"url": "http://sotiriu.de/demos/videos/nso-2010-003.html", "name": "http://sotiriu.de/demos/videos/nso-2010-003.html", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/38415", "name": "38415", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/38716", "name": "38716", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2010/0474", "name": "ADV-2010-0474", "tags": [], "refsource": "VUPEN"}, {"url": "http://osvdb.org/62564", "name": "62564", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56530", "name": "datev-dvbsexecall-command-execution(56530)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/509743/100/0/threaded", "name": "20100225 NSOADV-2010-003: DATEV ActiveX Control remote command execution", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-0689", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-02-26T19:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:datev:base_system:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-10T19:53Z"}