{"api_version":"1","generated_at":"2026-07-02T07:27:27+00:00","cve":"CVE-2010-0990","urls":{"html":"https://cve.report/CVE-2010-0990","api":"https://cve.report/api/cve/CVE-2010-0990.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2010-0990","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2010-0990"},"summary":{"title":"CVE-2010-0990","description":"Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method.","state":"PUBLISHED","assigner":"flexera","published_at":"2010-06-15 14:04:22","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securityfocus.com/bid/40768","name":"http://www.securityfocus.com/bid/40768","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/38970","name":"http://secunia.com/advisories/38970","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Creative Software AutoUpdate Engine 2 ActiveX Control Buffer Overflow - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/511795/100/0/threaded","name":"http://www.securityfocus.com/archive/1/511795/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/secunia_research/2010-52/","name":"http://secunia.com/secunia_research/2010-52/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Research - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2010-0990","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0990","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2010","cve_id":"990","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"creative","cpe5":"autoupdate","cpe6":"1.40.01","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"990","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"creative","cpe5":"autoupdate_engine_activex_control","cpe6":"2.0.12.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T01:06:52.589Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"38970","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/38970"},{"name":"40768","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/40768"},{"name":"20100611 Secunia Research: Creative Software AutoUpdate Engine 2 ActiveX Control Buffer Overflow","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/511795/100/0/threaded"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://secunia.com/secunia_research/2010-52/"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2010-06-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-10T18:57:01.000Z","orgId":"44d08088-2bea-4760-83a6-1e9be26b15ab","shortName":"flexera"},"references":[{"name":"38970","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/38970"},{"name":"40768","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/40768"},{"name":"20100611 Secunia Research: Creative Software AutoUpdate Engine 2 ActiveX Control Buffer Overflow","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/511795/100/0/threaded"},{"tags":["x_refsource_MISC"],"url":"http://secunia.com/secunia_research/2010-52/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"PSIRT-CNA@flexerasoftware.com","ID":"CVE-2010-0990","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"38970","refsource":"SECUNIA","url":"http://secunia.com/advisories/38970"},{"name":"40768","refsource":"BID","url":"http://www.securityfocus.com/bid/40768"},{"name":"20100611 Secunia Research: Creative Software AutoUpdate Engine 2 ActiveX Control Buffer Overflow","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/511795/100/0/threaded"},{"name":"http://secunia.com/secunia_research/2010-52/","refsource":"MISC","url":"http://secunia.com/secunia_research/2010-52/"}]}}}},"cveMetadata":{"assignerOrgId":"44d08088-2bea-4760-83a6-1e9be26b15ab","assignerShortName":"flexera","cveId":"CVE-2010-0990","datePublished":"2010-06-14T18:00:00.000Z","dateReserved":"2010-03-18T00:00:00.000Z","dateUpdated":"2024-08-07T01:06:52.589Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2010-06-15 14:04:22","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:creative:autoupdate_engine_activex_control:2.0.12.0:*:*:*:*:*:*:*","matchCriteriaId":"36CFCA60-BF05-4892-81DD-BF6F6876B599"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:creative:autoupdate:1.40.01:*:*:*:*:*:*:*","matchCriteriaId":"21B8C3DD-2839-47FF-90BF-DFDF04E373CF"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2010","CveId":"990","Ordinal":"1","Title":"CVE-2010-0990","CVE":"CVE-2010-0990","Year":"2010"},"notes":[{"CveYear":"2010","CveId":"990","Ordinal":"1","NoteData":"Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method.","Type":"Description","Title":"CVE-2010-0990"},{"CveYear":"2010","CveId":"990","Ordinal":"2","NoteData":"2010-06-14","Type":"Other","Title":"Published"},{"CveYear":"2010","CveId":"990","Ordinal":"3","NoteData":"2018-10-10","Type":"Other","Title":"Modified"}]}}}