5.8

CVE-2007-4375

Exploit

EPSS 13.04%
Veröffentlicht 16.08.2007 18:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Diskeeper ≫ Diskeeper Version9 Editionprofessional

Diskeeper ≫ Diskeeper Version2007 Editionpro_premier

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	13.04%	0.938

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065245.html

Exploit

http://osvdb.org/39546

http://osvdb.org/39547

http://secunia.com/advisories/26431

Vendor Advisory

http://securityreason.com/securityalert/3018

http://www.securityfocus.com/archive/1/476954/100/0/threaded

http://www.securityfocus.com/bid/25320

https://exchange.xforce.ibmcloud.com/vulnerabilities/36007

https://exchange.xforce.ibmcloud.com/vulnerabilities/36008

https://nvd.nist.gov/vuln/detail/CVE-2007-4375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4375

EUVD