CVE-2015-1171
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| gsm | sim_card_editor | 6.6 | |
References
- http://packetstormsecurity.com/files/129992/simeditor-overflow.txt
- https://osandamalith.wordpress.com/2015/01/16/sim-editor-stack-based-buffer-overflow/
- https://www.youtube.com/watch?v=tljbFpYtDTk
- http://packetstormsecurity.com/files/129992/simeditor-overflow.txt
- https://osandamalith.wordpress.com/2015/01/16/sim-editor-stack-based-buffer-overflow/
- https://www.youtube.com/watch?v=tljbFpYtDTk
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.