CVE-2008-7122 - Multiple insecure method vulnerabilities in an ActiveX control in (epRegPro.ocx) in Evans Programmin

CVE-2008-7122

Summary

Multiple insecure method vulnerabilities in an ActiveX control in (epRegPro.ocx) in Evans Programming Registry Pro allow remote attackers to read and modify sensitive registry keys via the (1) About, (2) CreateKey, (3) DeleteBranch, (4) DeleteKey, (5) DeleteValue, (6) EnumKeys, (7) EnumValues, (8) QueryType, (9) QueryValue, (10) RenameKey, and (11) SetValue methods.

References

http://www.securityfocus.com/bid/28287
https://www.exploit-db.com/exploits/5271

Vulnerable Configurations

cpe:2.3:a:evansprogramming:registry_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:evansprogramming:registry_pro:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 29-09-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	28287
exploit-db	5271

Last major update

29-09-2017 - 01:33

Published

31-08-2009 - 10:30

Last modified

29-09-2017 - 01:33