Vulnerability Details : CVE-2008-6252

Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 allows local users to execute arbitrary code and gain privileges via a long -k option.

Vulnerability category: OverflowExecute code

Published 2009-02-24 18:30:00

Updated 2017-09-29 01:33:03

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-6252

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-6252

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	[email protected]
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-6252

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: [email protected] (Primary)

References for CVE-2008-6252

http://www.vupen.com/english/advisories/2008/3126

Patch;Vendor Advisory
http://blog.xwings.net/?p=127

Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46551
http://www.macupdate.com/info.php/id/23049

Patch
https://www.exploit-db.com/exploits/7088
http://www.securityfocus.com/bid/32252

Exploit

Products affected by CVE-2008-6252

Smcfancontrol » Smcfancontrol » Version: 2.1.2
cpe:2.3:a:smcfancontrol:smcfancontrol:2.1.2:*:*:*:*:*:*:*
Matching versions