Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CHANGING Inc. TSSServiSignAdapter Windows Versions - Improper Input Validation
Vulnerability Description
WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
TssServiSignAdapter 输入验证错误漏洞
Vulnerability Description
台信证券股份有限公司 TssServiSignAdapter(全景TSSServiSignAdapter Windows版本)是中国台信证券股份有限公司公司的 TssServiSignAdapter Windows版本1.0.20.0316及以下版本存在输入验证错误漏洞,该漏洞源于TSSServiSign组件中的WriteRegistry函数没有过滤和验证用户输入,远程攻击者可利用该漏洞可以在没有权限的情况下重写注册表,从而执行劫持攻击来执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A