CVE: CVE-2003-0470 - CVE-Search

CVE Details for CVE: CVE-2003-0470

Summary

Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings.

Timestamps
Last major update	11-07-2017 - 01:29
Published	07-08-2003 - 04:00
Last modified	11-07-2017 - 01:29

References

Vulnerable Configurations

cpe:2.3:a:symantec:security_check:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:security_check:*:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

7.5

Impact

6.4

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	8008
bugtraq	20030624 [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow
cert-vn	VU#527228
fulldisc	20030622 Symantec ActiveX control buffer overflow
sectrack	1007029
secunia	9091
xf	symantec-security-activex-bo(12423)