CVE-2007-4375

Exploit

EPSS 3.38%
Veröffentlicht 16.08.2007 18:17:00
Zuletzt bearbeitet 16.06.2026 22:43:57
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Diskeeper ≫ Diskeeper Version9 Editionprofessional

Diskeeper ≫ Diskeeper Version2007 Editionpro_premier

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.38%	0.872

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065245.html

Exploit

http://osvdb.org/39546

http://osvdb.org/39547

http://secunia.com/advisories/26431

Vendor Advisory

http://securityreason.com/securityalert/3018

http://www.securityfocus.com/archive/1/476954/100/0/threaded

http://www.securityfocus.com/bid/25320

https://exchange.xforce.ibmcloud.com/vulnerabilities/36007

https://exchange.xforce.ibmcloud.com/vulnerabilities/36008

https://nvd.nist.gov/vuln/detail/CVE-2007-4375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4375

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2007-4375