CVE-2007-1684

The Run function in SolidWorks sldimdownload ActiveX control in sldimdownload.dll before 16.0.0.6 allows remote attackers to execute arbitrary commands via the (1) installerpath and (2) applicationarguments arguments.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/34320
http://secunia.com/advisories/24762	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/556801	Patch Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/23290	Patch Vendor Advisory
http://www.securitytracker.com/id?1017855	Vendor Advisory
http://www.vupen.com/english/advisories/2007/1216
https://exchange.xforce.ibmcloud.com/vulnerabilities/33428

Configurations

Configuration 1 (hide)

cpe:2.3:a:solidworks:sldimdownload_activex_control:16.0.0.5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-04-06 01:19

Updated : 2024-02-28 11:01

NVD link : CVE-2007-1684

Mitre link : CVE-2007-1684

CVE.ORG link : CVE-2007-1684

JSON object : View

Products Affected

solidworks

sldimdownload_activex_control

CWE

NVD-CWE-Other

{"id": "CVE-2007-1684", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-04-06T01:19:00.000", "references": [{"url": "http://osvdb.org/34320", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/24762", "tags": ["Patch", "Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/556801", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/23290", "tags": ["Patch", "Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id?1017855", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1216", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33428", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Run function in SolidWorks sldimdownload ActiveX control in sldimdownload.dll before 16.0.0.6 allows remote attackers to execute arbitrary commands via the (1) installerpath and (2) applicationarguments arguments."}, {"lang": "es", "value": "La funci\u00f3n Run en el control ActiveX SolidWorks sldimdownload en sldimdownload.dll anterior a 16.0.0.6 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de los argumentos (1) installerpath y (2) applicationarguments."}], "lastModified": "2017-07-29T01:30:55.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:solidworks:sldimdownload_activex_control:16.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B7AE335-0825-403E-954D-BDD6D094BEF3"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}