CVE-2010-1517 — HIGH (10.0)

Vulnerability Description

The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to (1) download arbitrary programs onto a client system, and execute these programs, via vectors involving the dl method; and (2) download arbitrary programs onto a client system via vectors involving the SetDLInfo method in conjunction with the Bdl method.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Gigabyte	Dldrv2 Activex Control	1.4.206.11

Related Weaknesses (CWE)

CWE-20

References

http://secunia.com/advisories/40161Vendor Advisory
http://secunia.com/secunia_research/2010-85/Vendor Advisory
http://secunia.com/advisories/40161Vendor Advisory
http://secunia.com/secunia_research/2010-85/Vendor Advisory

FAQ

What is CVE-2010-1517?

CVE-2010-1517 is a vulnerability with a CVSS score of 10.0 (HIGH). The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to (1) download arbitrary programs onto a client system, and execute these programs, via vectors involving the dl method; and (2)...

How severe is CVE-2010-1517?

CVE-2010-1517 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1517?

Check the references section above for vendor advisories and patch information. Affected products include: Gigabyte Dldrv2 Activex Control.