CVE-2007-3286

Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/38258
http://support.avaya.com/elmodocs2/security/ASA-2007-314.htm
http://www.securityfocus.com/bid/25707
http://osvdb.org/38258
http://support.avaya.com/elmodocs2/security/ASA-2007-314.htm
http://www.securityfocus.com/bid/25707

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:avaya:ip_soft_phone::sp2::::::*
	cpe:2.3:a:avaya:ip_soft_phone:6.0:::::::*

History

21 Nov 2024, 00:32

Type	Values Removed	Values Added
References	~~() http://osvdb.org/38258 -~~	() http://osvdb.org/38258 -
References	~~() http://support.avaya.com/elmodocs2/security/ASA-2007-314.htm -~~	() http://support.avaya.com/elmodocs2/security/ASA-2007-314.htm -
References	~~() http://www.securityfocus.com/bid/25707 -~~	() http://www.securityfocus.com/bid/25707 -

Information

Published : 2007-09-19 18:17

Updated : 2024-11-21 00:32

NVD link : CVE-2007-3286

Mitre link : CVE-2007-3286

CVE.ORG link : CVE-2007-3286

JSON object : View

Products Affected

avaya

ip_soft_phone

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2007-3286", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-09-19T18:17:00.000", "references": [{"url": "http://osvdb.org/38258", "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-314.htm", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25707", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/38258", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-314.htm", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25707", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en controles ActiveX en objetos COM de Avaya IP Softphone R5.2 anterior a SP3, y R6.0, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados."}], "lastModified": "2024-11-21T00:32:51.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:ip_soft_phone:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "053EAEA7-D936-46E8-B8DA-AC9B484ED57C", "versionEndIncluding": "5.2"}, {"criteria": "cpe:2.3:a:avaya:ip_soft_phone:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85F6B57D-1319-4A71-9A4A-6A2D01DA4F5D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}