10
CVE-2008-4479
- EPSS 10.33%
- Veröffentlicht 14.10.2008 22:36:58
- Zuletzt bearbeitet 16.06.2026 22:57:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Novell ≫ Edirectory Version >= 8.7.3 < 8.7.3.10
Novell ≫ Edirectory Version >= 8.8 < 8.8.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.33% | 0.951 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
http://secunia.com/advisories/32111
http://www.securitytracker.com/id?1020989
http://www.vupen.com/english/advisories/2008/2738
http://securityreason.com/securityalert/4405
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000086&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953
http://www.securityfocus.com/archive/1/497164/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-064