CVE-2007-6530

Exploit

EPSS 65.75%
Published 27.12.2007 22:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Groove ≫ Virtual Office

Hp ≫ Loadrunner

Persits ≫ Xupload Version2.1.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	65.75%	0.983

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://marc.info/?l=full-disclosure&m=119863639428564&w=2

Exploit

http://osvdb.org/39901

http://secunia.com/advisories/28145

Vendor Advisory

http://secunia.com/advisories/28205

Vendor Advisory

http://secunia.com/advisories/28218

Vendor Advisory

http://www.securityfocus.com/bid/27025

Exploit

http://www.securitytracker.com/id?1019147

http://www.vupen.com/english/advisories/2007/4310

https://nvd.nist.gov/vuln/detail/CVE-2007-6530

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6530

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6530

EUVD