Lucene search

[email protected]CVE-2007-3695

HistoryJul 11, 2007 - 10:30 p.m.

CVE-2007-3695

2007-07-1122:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3695

buffer overflow

licrcmd.exe

ca erwin process modeler

arbitrary code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.2%

JSON

Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE.

Affected configurations

NVD

Node

broadcomerwin_process_modelerMatch7.1

CPENameOperatorVersion
broadcom:erwin_process_modelerbroadcom erwin process modelereq7.1

CPE	Name	Operator	Version
broadcom:erwin_process_modeler	broadcom erwin process modeler	eq	7.1

References

osvdb.org/39597

www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf

www.securityfocus.com/bid/24817

Social References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.2%

JSON

Related for CVE-2007-3695

cvelist1 nvd1 prion1