CVE-2017-6459 Information

Description

The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://support.ntp.org/bin/view/Main/NtpBug3382 http://support.ntp.org/bin/view/Main/SecurityNoticeMarch_2017_ntp_4_2_8p10_NTP_Secu http://www.securityfocus.com/bid/97076 http://www.securitytracker.com/id/1038123 https://support.apple.com/HT208144

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5