28 Jun 2012 18:20
ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability
ZDI Disclosures <zdi-disclosures <at> tippingpoint.com>
2012-06-28 16:20:23 GMT
2012-06-28 16:20:23 GMT
ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-106 June 28, 2012 -- CVE ID: CVE-2012-3811 -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P -- Affected Vendors: Avaya -- Affected Products: Avaya IP Office -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12384. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability.(Continue reading)
RSS Feed