Vulnerability Description
Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in Juniper Odyssey Access Client 4.72.11421.0 and other products, allows remote attackers to execute arbitrary code via a long string in a malformed DSSETUPSERVICE_CMD_UNINSTALL command to the NeoterisSetupService named pipe.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Odyssey Access Client | 4.72.11421.0 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=850
- https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=850
- https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN
FAQ
What is CVE-2009-4643?
CVE-2009-4643 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in Juniper Odyssey Access Client 4.72.11421.0 and other products, allows remote attackers to execute arb...
How severe is CVE-2009-4643?
CVE-2009-4643 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4643?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Odyssey Access Client.