CVE-2015-7303
Avira Management Console Update Manager Service HTTP Header Use-After-Free Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.
Vulnerabilidad de uso después de liberación de memoria en el servicio Update Manager en Avira Management Console, permite a atacantes remotos ejecutar código arbitrario a través de una cabecera grande.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avira Management Console. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of HTTP headers by the Update Manager service. By sending overly large headers, an attacker is able to cause memory to be reused after it has been released. An attacker could leverage this to execute arbitrary code under the context of SYSTEM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-09-16 CVE Published
- 2015-09-21 CVE Reserved
- 2024-09-17 CVE Updated
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-15-445 | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Avira Search vendor "Avira" | Management Console Search vendor "Avira" for product "Management Console" | * | - |
Affected
| ||||||