Vulnerability Description
The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realpage | Module Activex Controls | 1.0.0.9 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/41392Vendor Advisory
- http://secunia.com/secunia_research/2010-118/Vendor Advisory
- http://www.osvdb.org/68813
- http://www.securityfocus.com/bid/44302
- http://secunia.com/advisories/41392Vendor Advisory
- http://secunia.com/secunia_research/2010-118/Vendor Advisory
- http://www.osvdb.org/68813
- http://www.securityfocus.com/bid/44302
FAQ
What is CVE-2010-2584?
CVE-2010-2584 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote atta...
How severe is CVE-2010-2584?
CVE-2010-2584 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2584?
Check the references section above for vendor advisories and patch information. Affected products include: Realpage Module Activex Controls.