Lucene search

[email protected]CVE-2007-2526

HistoryMay 08, 2007 - 11:19 p.m.

CVE-2007-2526

2007-05-0823:19:00

[email protected]

web.nvd.nist.gov

cve-2007-2526

vnc

buffer overflow

remote code execution

scvncctrl.dll

connectasyncex

activex control

smartcode vnc manager 3.6

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.244 Low

EPSS

Percentile

96.7%

JSON

Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument.

Affected configurations

NVD

Node

smartcodevnc_managerMatch3.6

CPENameOperatorVersion
smartcode:vnc_managersmartcode vnc managereq3.6

CPE	Name	Operator	Version
smartcode:vnc_manager	smartcode vnc manager	eq	3.6

References

moaxb.blogspot.com/2007/05/moaxb-08-smartcode-vnc-manager-36.html

osvdb.org/34340

secunia.com/advisories/25203

www.exploit-db.com/exploits/3873

www.securityfocus.com/bid/23869

www.shinnai.altervista.org/moaxb/20070508/scvncctrl.txt

www.vupen.com/english/advisories/2007/1704

exchange.xforce.ibmcloud.com/vulnerabilities/34149

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.244 Low

EPSS

Percentile

96.7%

JSON

Related for CVE-2007-2526

nvd1 cvelist1 prion1