The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-05-11T23:00:00
Updated: 2018-10-10T18:57:01
Reserved: 2010-05-11T00:00:00
Link: CVE-2010-1911
JSON object: View
NVD Information
Status : Modified
Published: 2010-05-12T11:46:31.750
Modified: 2018-10-10T19:57:59.267
Link: CVE-2010-1911
JSON object: View
Redhat Information
No data.
CWE