CVE-2010-0689

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2010-0689 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Nikolas Sotiriu.
The original article can be found at: http://sotiriu.de/adv/NSOADV-2010-003.txt

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2010-0689

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
DATEV Base System

The affected ActiveX Control will be installed by any DATEV Software, so each system with a DATEV installation is vulnerable.

Name: ActiveX-Control zum ffnen von LEXinform und der InfoDB
Vendor: DATEV eG
Type: ActiveX-Steuerelement
Version: 1.0.0.1
GUID: {C1CF8B56-3147-41A2-B9BF-79437EED7AFC}
File: DVBSExeCall.ocx
Folder: C:\DATEV\PROGRAMM\HLPDVBS\
Safe for Script: True
Safe for Init: True
IObjectSafety: False

Patch Availability:
Service-Release Paket V. 1.0
http://www.datev.de/portal/ShowPage.do?pid=dpi&nid=96550

CVE Information:
CVE-2010-0689

Disclosure Timeline:
2010.01.25: Initial contact per Online forms
2010.01.26: Initial vendor response
2010.02.03: Patch is published
2010.02.25: Release of this Advisory

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus