CVE-2007-2495

{"id": "CVE-2007-2495", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-05-04T00:19:00.000", "references": [{"url": "http://moaxb.blogspot.com/2007/05/moaxb-02-excelviewerocx-v-31-multiple.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34333", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25077", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23755", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1613", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34011", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3830", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en el control ActiveX ExcelOCX en ExcelViewer.ocx 3.1.0.6 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (c\u00e1ida de Internet Explorer 7) mediante un valor de propiedad largo (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, \u00f3 (9) OpenWebFile.\r\nNOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."}], "lastModified": "2017-10-11T01:32:15.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:office_ocx:excel_viewer_ocx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5C6DCDA-87D0-40FE-B746-70E9F902A272", "versionEndIncluding": "3.1.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}