nvd-json-data-feeds/CVE-2015/CVE-2015-46xx/CVE-2015-4674.json

{
  "id": "CVE-2015-4674",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2015-08-07T01:59:00.130",
  "lastModified": "2024-11-21T02:31:32.057",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la implementaci\u00f3n de autoupdate en TimeDoctor Pro 1.4.72.3 en Windows, conf\u00eda en archivos de instalaci\u00f3n sin firmar que son recuperados sin el uso de SSL, lo que hace m\u00e1s f\u00e1cil para atacantes man-in-the-middle ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "baseScore": 9.3,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:timedoctor:timedoctor:1.4.72.3:*:*:*:pro:*:*:*",
              "matchCriteriaId": "BF1C4BE0-BC8A-4977-93B1-51C0B26B10C4"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://seclists.org/fulldisclosure/2015/Jun/105",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ]
    },
    {
      "url": "http://www.securityfocus.com/archive/1/535881/100/700/threaded",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/75572",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://seclists.org/fulldisclosure/2015/Jun/105",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ]
    },
    {
      "url": "http://www.securityfocus.com/archive/1/535881/100/700/threaded",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.securityfocus.com/bid/75572",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
}