Description
Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Cesar Cerrudo · textdoswindows
https://www.exploit-db.com/exploits/22816
References (7)
Core 7
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006014.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1007029
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/8008
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105647537823877&w=2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/9091
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12423
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/527228
Scores
EPSS
0.2795
EPSS Percentile
96.5%
Details
Status
published
Products (1)
symantec/security_check
Published
Aug 07, 2003
Tracked Since
Feb 18, 2026