Metric | Value |
---|---|
CVSS2 | 5.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:M/Au:N/C:P/I:N/A:P |
AI Score | 6.7 Medium |
AI Score Confidence | High |
EPSS | 0.148 Low |
EPSS Percentile | 95.8% |

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.
CPE | Name | Operator | Version |
---|---|---|---|
diskeeper:diskeeper | diskeeper | eq | 9 |
diskeeper:diskeeper | diskeeper | eq | 2007 |
lists.grok.org.uk/pipermail/full-disclosure/2007-August/065245.html
osvdb.org/39546
osvdb.org/39547
secunia.com/advisories/26431
securityreason.com/securityalert/3018
www.securityfocus.com/archive/1/476954/100/0/threaded
www.securityfocus.com/bid/25320
exchange.xforce.ibmcloud.com/vulnerabilities/36007
exchange.xforce.ibmcloud.com/vulnerabilities/36008