CVE-2007-6254

Exploit

EPSS 20.11%
Published 20.03.2008 00:44:00
Last modified 09.04.2025 00:30:58
Source cret@cert.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Business Objects Version <= 6.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	20.11%	0.953

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/29437

Vendor Advisory

http://www.kb.cert.org/vuls/id/329673

US Government Resource

Exploit

http://www.kb.cert.org/vuls/id/MIMG-732R7X

Patch

http://www.securityfocus.com/bid/28292

http://www.securitytracker.com/id?1019668

http://www.vupen.com/english/advisories/2008/0927/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41256

https://nvd.nist.gov/vuln/detail/CVE-2007-6254

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6254

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6254

EUVD