Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2305

CWE-119 — Buffer Overflow5 documents4 sources

Severity

9.3CRITICAL

EPSS

6.2%

top 9.17%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Sygate Personal Firewall

Timeline

PublishedJun 16

Latest updateMay 17

Description

Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegString method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDsymantec/sygate_personal_firewall5.6

🔴Vulnerability Details

GHSA

GHSA-qg27-wh8f-4pvh: Buffer overflow in an ActiveX control in SSHelper↗2022-05-17

▶

CVEList

CVE-2010-2305: Buffer overflow in an ActiveX control in SSHelper↗2010-06-16

▶

💥Exploits & PoCs

Exploit-DB

Sygate Personal Firewall 5.6 build 2808 - ActiveX with DEP Bypass↗2010-06-11

▶

Exploit-DB

RealVNC 3.3.7 - Client Buffer Overflow (Metasploit)↗2010-04-30

▶