CVE-2007-6605

Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2.77 in SkyFex Client 1.0 allows remote attackers to execute arbitrary code via long strings in the first four arguments to the Start method.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/39868
http://www.securityfocus.com/bid/27059	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/39288
https://www.exploit-db.com/exploits/4801
http://osvdb.org/39868
http://www.securityfocus.com/bid/27059	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/39288
https://www.exploit-db.com/exploits/4801

Configurations

Configuration 1 (hide)

cpe:2.3:a:skyfex:skyfex_client:1.0.2.77:*:*:*:*:*:*:*

History

21 Nov 2024, 00:40

Type	Values Removed	Values Added
References	~~() http://osvdb.org/39868 -~~	() http://osvdb.org/39868 -
References	~~() http://www.securityfocus.com/bid/27059 - Exploit~~	() http://www.securityfocus.com/bid/27059 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/39288 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/39288 -
References	~~() https://www.exploit-db.com/exploits/4801 -~~	() https://www.exploit-db.com/exploits/4801 -

Information

Published : 2007-12-31 20:46

Updated : 2024-11-21 00:40

NVD link : CVE-2007-6605

Mitre link : CVE-2007-6605

CVE.ORG link : CVE-2007-6605

JSON object : View

Products Affected

skyfex

skyfex_client

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2007-6605", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-12-31T20:46:00.000", "references": [{"url": "http://osvdb.org/39868", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27059", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39288", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4801", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/39868", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/27059", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39288", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/4801", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2.77 in SkyFex Client 1.0 allows remote attackers to execute arbitrary code via long strings in the first four arguments to the Start method."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en un determinado control ActiveX de SkyFexClient.ocx 1.0.2.77 en SkyFex Client 1.0 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante cadenas largas en los primeros cuatro argumentos del m\u00e9todo Start."}], "lastModified": "2024-11-21T00:40:33.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:skyfex:skyfex_client:1.0.2.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B62E9D48-2E3D-44F7-A1FA-F8CA46EFF4C9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}