CVE-2010-1913 (GCVE-0-2010-1913)

Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI?
Summary
The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2010-05-06 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:12.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#602801",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/602801"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
          },
          {
            "name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#602801",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/602801"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
        },
        {
          "name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1913",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#602801",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/602801"
            },
            {
              "name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
              "refsource": "MISC",
              "url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
            },
            {
              "name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
              "refsource": "MISC",
              "url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
            },
            {
              "name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1913",
    "datePublished": "2010-05-11T23:00:00.000Z",
    "dateReserved": "2010-05-11T00:00:00.000Z",
    "dateUpdated": "2024-08-07T02:17:12.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2010-1913",
      "date": "2026-05-03",
      "epss": "0.01928",
      "percentile": "0.83469"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"3E86DC4D-1E5C-4284-AA49-FD5F3AA9056A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*\", \"matchCriteriaId\": \"76A93E2B-D458-43A4-A4A5-9FA0981B72EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*\", \"matchCriteriaId\": \"F1AAF4CD-3D1A-4C44-8338-4F614E4645CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:consona:consona_live_assistance:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDD3CC62-BB8B-435F-A9F3-CD6DE608F463\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:consona:consona_subscriber_assistance:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F445B64-34D5-4372-9861-2216442E4069\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.\"}, {\"lang\": \"es\", \"value\": \"La configuraci\\u00f3n por defecto de pluginlicense.ini para la interfaz SdcWebSecureBase en tgctlcm.dll en Consona Live Assistance, Dynamic Agent, y Subscriber Assistance, cuando se descargan de un servidor operado por Telef\\u00f3nica o posiblemente otras empresas, contiene una lista blanca de DNS incorrectos que incluye los nombres de host DNS de los ordenadores personales de muchas personas, lo cual permite a atacantes remotos eludir restricciones de ejecuci\\u00f3n de ActiveX alojando un control ActiveX en un servidor Web dom\\u00e9stico de origen aplicable.\"}]",
      "id": "CVE-2010-1913",
      "lastModified": "2024-11-21T01:15:27.170",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-05-12T11:46:31.830",
      "references": "[{\"url\": \"http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/602801\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/511176/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.wintercore.com/downloads/rootedcon_0day.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/602801\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/511176/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.wintercore.com/downloads/rootedcon_0day.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-16\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1913\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-05-12T11:46:31.830\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.\"},{\"lang\":\"es\",\"value\":\"La configuraci\u00f3n por defecto de pluginlicense.ini para la interfaz SdcWebSecureBase en tgctlcm.dll en Consona Live Assistance, Dynamic Agent, y Subscriber Assistance, cuando se descargan de un servidor operado por Telef\u00f3nica o posiblemente otras empresas, contiene una lista blanca de DNS incorrectos que incluye los nombres de host DNS de los ordenadores personales de muchas personas, lo cual permite a atacantes remotos eludir restricciones de ejecuci\u00f3n de ActiveX alojando un control ActiveX en un servidor Web dom\u00e9stico de origen aplicable.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-16\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"3E86DC4D-1E5C-4284-AA49-FD5F3AA9056A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*\",\"matchCriteriaId\":\"76A93E2B-D458-43A4-A4A5-9FA0981B72EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*\",\"matchCriteriaId\":\"F1AAF4CD-3D1A-4C44-8338-4F614E4645CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:consona:consona_live_assistance:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDD3CC62-BB8B-435F-A9F3-CD6DE608F463\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:consona:consona_subscriber_assistance:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F445B64-34D5-4372-9861-2216442E4069\"}]}]}],\"references\":[{\"url\":\"http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/602801\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/511176/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.wintercore.com/downloads/rootedcon_0day.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/602801\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/511176/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.wintercore.com/downloads/rootedcon_0day.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.