9.3
CVE-2009-2627
- EPSS 4.58%
- Veröffentlicht 19.08.2009 17:30:01
- Zuletzt bearbeitet 16.06.2026 23:09:52
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.58% | 0.904 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://osvdb.org/57201
http://secunia.com/advisories/36343
http://www.kb.cert.org/vuls/id/485961
http://www.securityfocus.com/bid/36068
http://www.securitytracker.com/id?1022752
http://www.vupen.com/english/advisories/2009/2299
https://exchange.xforce.ibmcloud.com/vulnerabilities/52592