Lucene search

[email protected]CVE-2007-2980

HistoryJun 01, 2007 - 1:30 a.m.

CVE-2007-2980

2007-06-0101:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-2980

buffer overflow

activex control

leadtools

denial of service

remote code execution

nvd

8.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.154 Low

EPSS

Percentile

95.9%

JSON

Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS LEAD Raster ISIS Object (LTRIS14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long DriverName property, a different ActiveX control than CVE-2007-2827.

CPENameOperatorVersion
lead_technologies:leadtools_raster_isis_objectlead technologies leadtools raster isis objecteq14.5.0.44
lead_technologies:leadtools_raster_image_sdklead technologies leadtools raster image sdkeq14.5

CPE	Name	Operator	Version
lead_technologies:leadtools_raster_isis_object	lead technologies leadtools raster isis object	eq	14.5.0.44
lead_technologies:leadtools_raster_image_sdk	lead technologies leadtools raster image sdk	eq	14.5

References

moaxb.blogspot.com/2007/05/moaxb-27-leadtools-raster-isis-object.html

osvdb.org/36043

secunia.com/advisories/25433

www.securityfocus.com/bid/24193

www.shinnai.altervista.org/moaxb/20070527/leadrasterisistxt.html

www.vupen.com/english/advisories/2007/1972

exchange.xforce.ibmcloud.com/vulnerabilities/34528

8.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.154 Low

EPSS

Percentile

95.9%

JSON

Related for CVE-2007-2980

prion2 cve1