Vulnerability Details : CVE-2010-0679
Public exploit exists!
Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.
Vulnerability category: Execute code
Products affected by CVE-2010-0679
- cpe:2.3:a:hyleos:chemview:1.9.5.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0679
- EPSS score: 74.70% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2010-0679
- Hyleos ChemView ActiveX Control Stack Buffer Overflow
  Disclosure Date: 2010-02-10
  First seen: 2020-04-26
  exploit/windows/browser/hyleos_chemviewx_activex
  This module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods with an overly long first argument, an attacker can overrun a buffer and execute arbitrary cod
CVSS scores for CVE-2010-0679
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2010-0679
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0679
- http://packetstormsecurity.org/1002-advisories/chemviewx-overflow.txt
  Files ≈ Packet Storm [Exploit]
- http://packetstormsecurity.org/1002-exploits/hyleoschemview-heap.rb.txt
  Files ≈ Packet Storm [Exploit]
- http://www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf
- http://www.exploit-db.com/exploits/11422
  Hyleos ChemView 1.9.5.1 - ActiveX Control Buffer Overflow (Metasploit) - Windows remote Exploit [Exploit]
- http://secunia.com/advisories/38523
  [Vendor Advisory]
- http://www.securityfocus.com/bid/38225
  Hyleos ChemView ActiveX Control Multiple Buffer Overflow Vulnerabilities [Exploit]
- http://osvdb.org/62276