CVE-2007-4375

{"id": "CVE-2007-4375", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-16T18:17:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065245.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/39546", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/39547", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26431", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3018", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/476954/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25320", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36007", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36008", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address."}, {"lang": "es", "value": "La interfaz administrativa (tambi\u00e9n conocida como DkService.exe) en Diskeeper 9 Professional, 2007 Pro Premier, y probablemente otras versiones exponen una funci\u00f3n de comparaci\u00f3n de memoria a trav\u00e9s de RPC sobre TCP, lo cual permite a atacantes remotos (1) obtener informaci\u00f3n sensible (contenidos de la memoria del proceso), como se ha demostrado con un ataque que obtiene la direcci\u00f3n base del m\u00f3dulo para vencer la aleatorizaci\u00f3n de la distribuci\u00f3n del espacio de memoria (Address Space Layout Randomization o ASLR); o (2) provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante una direcci\u00f3n fuera de los l\u00edmites."}], "lastModified": "2018-10-15T21:34:55.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:diskeeper:diskeeper:9:*:professional:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72086DD7-EF2C-4347-8D43-07046DB0E3B3"}, {"criteria": "cpe:2.3:a:diskeeper:diskeeper:2007:*:pro_premier:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C0DFEEC-765C-46B5-80D2-F9913953024E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}