CVE-2007-6386

EPSS 1.34%
Veröffentlicht 15.12.2007 02:46:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trend Micro ≫ Trend Micro Antivirus Plus Antispyware Version2008 Updatebld_1450

Trend Micro ≫ Trend Micro Internet Security Virus Bust Version2008 Updatebld_1451

Trend Micro ≫ Trend Micro Internet Security Pro

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.34%	0.782

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464

Patch

http://osvdb.org/39769

http://osvdb.org/39770

http://secunia.com/advisories/28038

Patch

Vendor Advisory

http://secway.org/advisory/AD20071211.txt

http://www.securitytracker.com/id?1019079

http://www.vupen.com/english/advisories/2007/4191

https://exchange.xforce.ibmcloud.com/vulnerabilities/38982

https://nvd.nist.gov/vuln/detail/CVE-2007-6386

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6386

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6386

EUVD