Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2008-3324First vendor Publication2008-08-18
VendorCveLast vendor Modification2018-10-11

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score7.6Attack RangeNetwork
Cvss Impact Score10Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3324

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-184Software Integrity Attacks
CAPEC-185Malicious Software Download
CAPEC-186Malicious Software Update
CAPEC-187Malicious Automated Software Update

CWE : Common Weakness Enumeration

%idName
100 %CWE-94Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Open Source Vulnerability Database (OSVDB)

idDescription
47799PartyPoker Update Authenticity Verification Weakness

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/30693
BUGTRAQ http://www.securityfocus.com/archive/1/495724/100/0/threaded
FULLDISC http://seclists.org/fulldisclosure/2008/Aug/0302.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/44477

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2018-10-12 00:20:25
  • Multiple Updates
2017-08-08 09:24:16
  • Multiple Updates
2013-05-11 00:22:09
  • Multiple Updates