Lucene search

[email protected]CVE-2007-3286

HistorySep 19, 2007 - 6:17 p.m.

CVE-2007-3286

2007-09-1918:17:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-3286

buffer overflow

remote code execution

avaya

activex

com

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

JSON

Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.

Affected configurations

NVD

Node

avayaip_soft_phoneRange≤5.2sp2

avayaip_soft_phoneMatch6.0

CPENameOperatorVersion
avaya:ip_soft_phoneavaya ip soft phonele5.2
avaya:ip_soft_phoneavaya ip soft phoneeq6.0

CPE	Name	Operator	Version
avaya:ip_soft_phone	avaya ip soft phone	le	5.2
avaya:ip_soft_phone	avaya ip soft phone	eq	6.0

References

osvdb.org/38258

support.avaya.com/elmodocs2/security/ASA-2007-314.htm

www.securityfocus.com/bid/25707

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

JSON

Related for CVE-2007-3286

prion1 cvelist1 nvd1