CVE-2007-2419

{"id": "CVE-2007-2419", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-06-06T10:30:00.000", "references": [{"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/36983", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25509", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018195", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2070", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721", "source": "cve@mitre.org"}, {"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-09", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/36983", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25509", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.installshield.com/kb/view.asp?articleid=Q113020", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/470585/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1018195", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2070", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34721", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328."}, {"lang": "es", "value": "M\u00faltiples desordamientos de b\u00fafer en un control ActiveX (boisweb.dll) en Macrovision FLEXnet Connect 6.0 y Update Service 3.x hasta 5.x permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) el segudo par\u00e1metro del m\u00e9todo DownloadAndExecute y (2) el tercer par\u00e1metro del m\u00e9todo AddFileEx, una vulnerabilidad diferente de CVE-2007-0328."}], "lastModified": "2024-11-21T00:30:44.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:macrovision:flexnet_connect:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B07D756-3DB4-4ECD-83FD-CB60830F9267"}, {"criteria": "cpe:2.3:a:macrovision:update_service:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A09B825D-2B5C-4BA8-AF5D-AB0C3FB61BA4"}, {"criteria": "cpe:2.3:a:macrovision:update_service:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61E90832-465C-4C77-8171-36593FEF3DB0"}, {"criteria": "cpe:2.3:a:macrovision:update_service:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8427D006-33CA-4677-9536-26596FB210D9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}