CVE-2009-0305
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.
Múltiples desbordamientos de búfer en la región stack de la memoria en el control ActiveX de Research in Motion RIM AxLoader en el archivo AxLoader.ocx y la biblioteca AxLoader.dll en BlackBerry Application Web Loader versión 1.0 permiten a los atacantes remotos ejecutar código arbitrario mediante el uso no especificado de la (1) carga o (2) loadJad.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-01-27 CVE Reserved
- 2009-02-10 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/51833 | Vdb Entry | |
| http://www.kb.cert.org/vuls/id/131100 | Third Party Advisory |
|
| http://www.microsoft.com/technet/security/advisory/960715.mspx | X_refsource_confirm | |
| http://www.securityfocus.com/bid/33663 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://blackberry.com/btsc/KB16248 | 2009-02-17 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/33847 | 2009-02-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Research In Motion Limited Search vendor "Research In Motion Limited" | Blackberry Application Web Loader Search vendor "Research In Motion Limited" for product "Blackberry Application Web Loader" | 1.0 Search vendor "Research In Motion Limited" for product "Blackberry Application Web Loader" and version "1.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Safe
|