Lucene search

MitreCVE-2007-1955

HistoryApr 11, 2007 - 1:19 a.m.

CVE-2007-1955

2007-04-1101:19:00

mitre

web.nvd.nist.gov

cve-2007-1955

buffer overflow

signkorea

skcrypax

activex

remote code execution

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.098

Percentile

94.9%

JSON

Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

Nvd

Node

signkoreaskcommax_activex_controlMatch5.4.1.2

VendorProductVersionCPE
signkoreaskcommax_activex_control5.4.1.2cpe:2.3:a:signkorea:skcommax_activex_control:5.4.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
signkorea	skcommax_activex_control	5.4.1.2	cpe:2.3:a:signkorea:skcommax_activex_control:5.4.1.2:::::::*

References

osvdb.org/34322

secunia.com/advisories/24820

www.securityfocus.com/bid/23374

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.098

Percentile

94.9%

JSON

Related for CVE-2007-1955