CVE-2007-5470

Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/38486
http://secunia.com/advisories/27144	Vendor Advisory
http://support.microsoft.com/kb/942109
http://www.securityfocus.com/bid/25996
http://osvdb.org/38486
http://secunia.com/advisories/27144	Vendor Advisory
http://support.microsoft.com/kb/942109
http://www.securityfocus.com/bid/25996

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:expression_media:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:37

Type	Values Removed	Values Added
References	~~() http://osvdb.org/38486 -~~	() http://osvdb.org/38486 -
References	~~() http://secunia.com/advisories/27144 - Vendor Advisory~~	() http://secunia.com/advisories/27144 - Vendor Advisory
References	~~() http://support.microsoft.com/kb/942109 -~~	() http://support.microsoft.com/kb/942109 -
References	~~() http://www.securityfocus.com/bid/25996 -~~	() http://www.securityfocus.com/bid/25996 -

Information

Published : 2007-10-16 00:17

Updated : 2024-11-21 00:37

NVD link : CVE-2007-5470

Mitre link : CVE-2007-5470

CVE.ORG link : CVE-2007-5470

JSON object : View

Products Affected

microsoft

expression_media

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-310

Cryptographic Issues

{"id": "CVE-2007-5470", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-10-16T00:17:00.000", "references": [{"url": "http://osvdb.org/38486", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27144", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.microsoft.com/kb/942109", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25996", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/38486", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27144", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.microsoft.com/kb/942109", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25996", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file."}, {"lang": "es", "value": "Microsoft Expression Media almacena la contrase\u00f1a del cat\u00e1logo en texto en claro en el fichero de cat\u00e1logo IVC, lo cual permite a usuarios locales obtener informaci\u00f3n confidencial y obtener acceso al cat\u00e1logo al leer el fichero IVC."}], "lastModified": "2024-11-21T00:37:58.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:expression_media:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9EF0FC1-25B7-4909-96DA-69BC897AA29C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}