CVE-2007-5279

EPSS 18.33%
Veröffentlicht 09.10.2007 00:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 might allow remote attackers to execute arbitrary code via a long filename in a BlackHole archive.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Conexware ≫ Powerarchiver Version8.10

Conexware ≫ Powerarchiver Version8.60

Conexware ≫ Powerarchiver Version9.5_beta_4

Conexware ≫ Powerarchiver Version9.5_beta_5

Conexware ≫ Powerarchiver Version9.25

Conexware ≫ Powerarchiver Version9.62.03

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	18.33%	0.946

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://jvn.jp/jp/JVN%2361323184/index.html

http://osvdb.org/41552

http://secunia.com/advisories/27000

Patch

Vendor Advisory

http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071009

http://www.powerarchiver.com/news/

Patch

http://www.securityfocus.com/bid/25938

http://www.vupen.com/english/advisories/2007/3378

https://exchange.xforce.ibmcloud.com/vulnerabilities/36969

https://nvd.nist.gov/vuln/detail/CVE-2007-5279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5279

EUVD