CVE-2010-1907 Information

Description

The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance Dynamic Agent and Subscriber Assistance allows remote attackers to discover the username of the client user and consequently determine a pathname to a certain user directory via a call to the GetUserName method.

Reference

http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html http://www.kb.cert.org/vuls/id/602801 http://www.securityfocus.com/archive/1/511176/100/0/threaded http://www.wintercore.com/downloads/rootedcon_0day.pdf