INFORMATION

Name : CVE-2010-0138 First Publication : 2010-01-21
Severity : Critical Last Modification : 2010-01-22

SCORING CVSS v2

Cvss Base Score : 10 Attack Range : Network
Cvss Impact Score : 10 Attack Complexity : Low
Cvss Expoit Score : 10 Authentification : None Required

Calculate full CVSS 2.0 Vectors scores

DETAIL

Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.



CWE COMMON WEAKNESS ENUMERATION

CWE-119 - Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE COMMON PLATFORM ENUMERATION


OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

61908 : Cisco InternetWork Performance Monitor on Windows getProcessName CORBA GIOP Request Overflow.


SECONDARY(S) SOURCE(S)


Source : BID
Url : http://www.securityfocus.com/bid/37879

Source : CISCO
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml

Source : MISC
Url : http://www.zerodayinitiative.com/advisories/ZDI-10-004/

Source : SECTRACK
Url : http://securitytracker.com/id?1023484

Source : SECUNIA
Url : http://secunia.com/advisories/38230

Source : VUPEN
Url : http://www.vupen.com/english/advisories/2010/0184

Source : XF
Url : http://xforce.iss.net/xforce/xfdb/55768