CVE-2013-2602 - Multiple array index errors in the MyHeritage SEQueryObject ActiveX control (SearchEngineQuery.dll)

CVE-2013-2602

Summary

Multiple array index errors in the MyHeritage SEQueryObject ActiveX control (SearchEngineQuery.dll) 1.0.2.0 allow remote attackers to execute arbitrary code via the (1) seTokensArray, or (2) seTokensValuesArray parameter to the AddTokens method; (3) seLastNameTokensArray parameter to the AddLastNameTokens method; (4) seFrameIdArray, (5) seSourceIdArray, (6) seHasBreakdownArray, (7) seIsIndexedArray, (8) seAllConcatArray, (9) seRefererURLArray, or (10) seMandatoryFieldsArray parameter to the AddMultipleSearches method; (11) seSourceIdArray, (12) seIsIndexedArray, (13) seAllConcatArray, (14) seRefererURLArray, (15) seQATestsArray, (16) seAllSourceIDsArray, (17) seAllSourceTitlesArray, (18) seMandatoryFieldsArray, or (19) seAllSourceRootURLArray parameter to the TestYourself method. Per: http://cwe.mitre.org/data/definitions/129.html "CWE-129: Improper Validation of Array Index"

References

Vulnerable Configurations

cpe:2.3:a:myheritage:sequeryobject_activex_control:1.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:myheritage:sequeryobject_activex_control:1.0.2.0:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 09-06-2014 - 14:04)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

osvdb

93498
93499
93500
93501

Last major update

09-06-2014 - 14:04

Published

06-06-2014 - 14:55

Last modified

09-06-2014 - 14:04