Lucene search

MitreCVE-2007-4489

HistoryAug 22, 2007 - 11:17 p.m.

CVE-2007-4489

2007-08-2223:17:00

mitre

web.nvd.nist.gov

cve-2007-4489

buffer overflow

iuacomformx

activex

uacomx.ocx

remote code execution

ecentrex voip client

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.207

Percentile

96.4%

JSON

Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 in the eCentrex VOIP Client module allows remote attackers to execute arbitrary code via a long Username argument to the ReInit method.

Affected configurations

Nvd

Node

ecentrexvoip_client_module

VendorProductVersionCPE
ecentrexvoip_client_module*cpe:2.3:a:ecentrex:voip_client_module:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ecentrex	voip_client_module	*	cpe:2.3:a:ecentrex:voip_client_module::::::::

References

osvdb.org/37738

secunia.com/advisories/26525

www.securityfocus.com/bid/25383

www.securitytracker.com/id?1018596

www.vupen.com/english/advisories/2007/2954

exchange.xforce.ibmcloud.com/vulnerabilities/36129

www.exploit-db.com/exploits/4299

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.207

Percentile

96.4%

JSON

Related for CVE-2007-4489