10
CVE-2009-1350
- EPSS 65.93%
- Veröffentlicht 21.04.2009 16:24:52
- Zuletzt bearbeitet 16.06.2026 23:07:05
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 65.93% | 0.992 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://download.novell.com/Download?buildid=6ERQGPjRZ8o~
http://www.securityfocus.com/archive/1/502514/100/0/threaded
http://www.securityfocus.com/bid/34400
http://www.securitytracker.com/id?1021990
http://www.vupen.com/english/advisories/2009/0954
http://www.zerodayinitiative.com/advisories/ZDI-09-016/
https://bugzilla.novell.com/show_bug.cgi?id=437511