Executive Summary
Summary | |
---|---|
Title | Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) cross-site scripting, ActiveX, and Repair Service vulnerabilities |
Informations | |||
---|---|---|---|
Name | VU#602801 | First vendor Publication | 2010-05-06 |
Vendor | VU-CERT | Last vendor Modification | 2010-05-18 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#602801Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) cross-site scripting, ActiveX, and Repair Service vulnerabilitiesOverviewConsona (formerly SupportSoft) Intelligent Assistance Suite (IAS) contains a set of vulnerabilities that collectively could allow an attacker to execute arbitrary code on a remote system.I. DescriptionIn 2009, Consona acquired SupportSoft's enterprise software assets, including web-based assistance software called Intelligent Assistance Suite (IAS). IAS client components are delivered via ActiveX controls, Netscape-style plugins, or standalone installers. IAS runs on Microsoft Windows platforms. Consona products affected by these vulnerabilities include Consona Live Assistance, Consona Dynamic Agent, Consona Subscriber Assistance, Repair Manager, Consona Subscriber Activiation, and Subscriber Agent.IAS contains vulnerabilities in different components.
Further details are available in Rubén Santamarta's slides from Rooted CON 2010. II. ImpactBy convincing a user to view a specially crafted HTML document (web page, HTML email message), an attacker could execute arbitrary code with the privileges of the user, and possibly gain SYSTEM privileges via the Repair Service.III. SolutionApply patchesSites providing IAS/Consona support services should apply the appropriate patches referenced in the April 2010 Security Bulletin.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{01113300-3E00-11D2-8470-0060089874ED}] "Compatibility Flags"=dword:00000400 Vendor Information
References
This information is based on research by Rubén Santamarta. Thanks to Rubén and Consona for following responsible vulnerability disclosure practices. This document was written by Art Manion.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/602801 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
22 % | CWE-310 | Cryptographic Issues |
22 % | CWE-264 | Permissions, Privileges, and Access Controls |
11 % | CWE-287 | Improper Authentication |
11 % | CWE-200 | Information Exposure |
11 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
11 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
11 % | CWE-16 | Configuration |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 1 | |
Application | 1 | |
Application | 1 | |
Application | 1 | |
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
64669 | Consona tgctlcm.dll SdcWebSecureBase Interface pluginlicense.ini ActiveX DNS ... |
64668 | Consona tgctlcm.dll SdcWebSecureBase Interface Instantiation / Free ActiveX E... |
64667 | Consona tgctlcm.dll SdcWebSecureBase Interface Site-locking Implementation Ac... |
64629 | Consona SdcUser.TgConCtl ActiveX (tgctlcm.dll) GetUserName Method Username Di... |
64505 | Consona SdcUser.TgConCtl ActiveX (tgctlcm.dll) RunCMD Method Overflow |
64504 | Consona SdcUser.TgConCtl ActiveX (tgctlcm.dll) HTTPDownloadFile Arbitrary Com... |
64503 | Consona SdcUser.TgConCtl ActiveX (tgctlcm.dll) Install Method Arbitrary Comma... |
64502 | Consona SdcUser.TgConCtl ActiveX (tgctlcm.dll) RunCmd Method Arbitrary Comman... |
64394 | Consona CRM Suite Password Hint Unspecified Password Reset Issue |
64393 | Consona CRM Suite ASP Page URI XSS |
64390 | Consona CRM Suite Repair Service tgsrv.exe Predictable Timestamp Field Remote... |