CVE-2010-0689 - Remote Command Execution vulnerability in DATEV 'DVBSExeCall.ocx' ActiveX Control
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE
Summary
The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors. The weakness is classified per http://cwe.mitre.org/data/definitions/77.html as "CWE-77: Improper Sanitization of Special Elements used in a Command ('Command Injection')".
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | | 1 |
References
- http://osvdb.org/62564
- http://secunia.com/advisories/38716
- http://sotiriu.de/adv/NSOADV-2010-003.txt
- http://sotiriu.de/demos/videos/nso-2010-003.html
- http://www.datev.de/info-db/1080162
- http://www.securityfocus.com/archive/1/509743/100/0/threaded
- http://www.securityfocus.com/bid/38415
- http://www.vupen.com/english/advisories/2010/0474
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56530