BDU:2021-04414

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

9.3critical2.0

0246810

CVSS Score: 9.3/10

All CVSS Scores

CVSS 2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

Уязвимость компонента MSCOMCTL.OCX пакета программ Microsoft Office, системы управления реляционными базами данных Microsoft SQL Server, программного средства для систем электронной коммерции Microsoft Commerce Server, среды разработки систем баз данных Microsoft Visual FoxPro связана с ошибками управления генерацией кода. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2012-0158

Exploits

Exploit ID: BDU:2021-04414

Source: bdu_exploit

URL: https://bdu.fstec.ru/vul

Exploit ID: 18780

Source: exploitdb

URL: https://www.exploit-db.com/exploits/18780

Exploit ID: CVE-2012-0158

Source: github-poc

URL: https://github.com/Sunqiz/CVE-2012-0158-reproduction

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0158

http://opensources.info/comment-on-the-curious-case-of-a-cve-2012-0158-exploit-by-chris-pierce/

http://www.securityfocus.com/bid/52911

http://www.securitytracker.com/id?1026899

http://www.securitytracker.com/id?1026900

http://www.securitytracker.com/id?1026902

http://www.securitytracker.com/id?1026903

http://www.securitytracker.com/id?1026904

http://www.securitytracker.com/id?1026905

http://www.us-cert.gov/cas/techalerts/TA12-101A.html

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-027

https://exchange.xforce.ibmcloud.com/vulnerabilities/74372

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15462

Recommendations

Source: bdu

Обновление программного средства до актуальной версии

URL: https://bdu.fstec.ru/vul/2021-04414

Vulnerable Software (21)

Type: Configuration

Vendor: microsoft corp

Product: biztalk server

Operating System: * *

Trait:

{  "version_exact": "2002 SP1"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: microsoft commerce server

Operating System: * *

Trait:

{  "version_exact": "2002 SP4"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: microsoft commerce server

Operating System: * *

Trait:

{  "version_exact": "2007 SP2"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: microsoft commerce server

Operating System: * *

Trait:

{  "version_exact": "2009"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: microsoft commerce server

Operating System: * *

Trait:

{  "version_exact": "2009 R2"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: microsoft office 2003 service pack 3

Operating System: * *

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: microsoft office 2007 service pack 2

Operating System: * *

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: microsoft office 2007 service pack 3

Operating System: * *

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: microsoft office 2010

Operating System: * *

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: microsoft office 2010 service pack 1

Operating System: * *

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: microsoft office web components

Operating System: * *

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: microsoft visual basic

Operating System: * *

Trait:

{  "version_exact": "6.0"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: sql server

Operating System: * *

Trait:

{  "version_exact": "2000 SP4 analysis services"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: sql server

Operating System: * *

Trait:

{  "version_exact": "2005 SP4 express advanced services"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: sql server

Operating System: * *

Trait:

{  "version_exact": "2005 SP4"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: sql server

Operating System: * *

Trait:

{  "version_exact": "2008 R2"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: sql server

Operating System: * *

Trait:

{  "version_exact": "2008 SP2"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: sql server

Operating System: * *

Trait:

{  "version_exact": "2008 SP3"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: sql server

Operating System: * *

Trait:

{  "version_exact": "2000 SP4"}

Source: bdu

Type: Configuration

Vendor: microsoft corp

Product: visual foxpro

Operating System: * *

Trait:

{  "version_exact": "9.0 SP2"}

Source: bdu

Russian Vulnerability Scanner Database

BDU:2021-04414

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

Related Vulnerabilities

Exploits

Reference Links

Recommendations

Vulnerable Software (21)