Back to search
CVE-2009-0194
Published: May 11, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
communicator-domain-security-bypass(50360)
vdb-entry
x_refsource_XF
http://secunia.com/secunia_research/2009-16/
x_refsource_MISC
1022173
vdb-entry
x_refsource_SECTRACK
20090507 Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass
mailing-list
x_refsource_BUGTRAQ
34858
vdb-entry
x_refsource_BID
54258
vdb-entry
x_refsource_OSVDB
34326
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now