Lucene search

MitreCVE-2007-2588

HistoryMay 10, 2007 - 12:19 a.m.

CVE-2007-2588

2007-05-1000:19:00

mitre

web.nvd.nist.gov

cve-2007-2588

buffer overflow

office viewer

activex control

denial of service

arbitrary code

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.181

Percentile

96.2%

JSON

Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function.

Affected configurations

Nvd

Node

office_ocxoffice_viewer_ocxMatch3.2

VendorProductVersionCPE
office_ocxoffice_viewer_ocx3.2cpe:2.3:a:office_ocx:office_viewer_ocx:3.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
office_ocx	office_viewer_ocx	3.2	cpe:2.3:a:office_ocx:office_viewer_ocx:3.2:::::::*

References

moaxb.blogspot.com/2007/05/moaxb-04-office-viewer-oaocx-v-32.html

osvdb.org/34335

secunia.com/advisories/25143

www.securityfocus.com/bid/23811

www.shinnai.altervista.org/moaxb/20070504/oa.txt

www.vupen.com/english/advisories/2007/1664

exchange.xforce.ibmcloud.com/vulnerabilities/34067

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.181

Percentile

96.2%

JSON

Related for CVE-2007-2588