CVE-2010-1909
Consona Dynamic Agent, Live Assistance, and Subscriber Assistance - Buffer Overflow via RunCmd Method
Title source: llmDescription
Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained from third party information.
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39751
Patch, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/602801
Various Sources x_refsource_misc
http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html
Exploit x_refsource_misc
http://www.wintercore.com/downloads/rootedcon_0day.pdf
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511176/100/0/threaded
Scores
EPSS
0.0565
EPSS Percentile
92.1%
Details
CWE
CWE-119
Status
published
Products (3)
consona/consona_dynamic_agent
(3 CPE variants)
consona/consona_live_assistance
consona/consona_subscriber_assistance
Published
May 12, 2010
Tracked Since
Feb 18, 2026