CVE-2015-4674

TimeDoctor Pro 1.4.72.3 - Unauthenticated Remote Code Execution via Unsigned AutoUpdate

Description

The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

References (3)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535881/100/700/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75572
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jun/105

Scores

EPSS 0.0125
EPSS Percentile 65.4%

Details

CWE
CWE-345
Status published
Products (1)
timedoctor/timedoctor 1.4.72.3
Published Aug 07, 2015
Tracked Since Feb 18, 2026