CVE-2010-1913
Last modified
CVE-2010-1913 is a vulnerability of currently unknown severity. The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.. EPSS estimates a 5.03% chance of exploitation in the next 30 days.
Description
The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Consona | Consona Dynamic Agent | All versions |
| Consona | Consona Live Assistance | All versions |
| Consona | Consona Subscriber Assistance | All versions |
References
- http://www.kb.cert.org/vuls/id/602801Patch, US Government Resource
- http://www.kb.cert.org/vuls/id/602801Patch, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-1913?
How severe is CVE-2010-1913?
How do I fix CVE-2010-1913?
Are you affected by CVE-2010-1913?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST