The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors.
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:CDatev Base System
APPDatevwszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2011-5158HIGH9.3ten sam vendor
Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DA...
CVE-2023-33387MEDIUM6.1ten sam vendor
A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Pl...
CVE-2003-1169MEDIUM4.6ten sam vendor
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows lo...