Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-07-078
HistoryDec 17, 2007 - 12:00 a.m.

St. Bernard Open File Manager Heap Overflow Vulnerability

2007-12-1700:00:00
Anonymous
www.zerodayinitiative.com
11

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.363 Low

EPSS

Percentile

97.1%

JSON

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of St. Bernard Open File Manager. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Open File Manager service, ofmnt.exe, which listens by default on a random TCP port near 1000. The process blindly copies user-suppled data to a static heap buffer. By supplying an overly large amount of data, an attacker can overflow that buffer leading to arbitrary code execution in the context of the SYSTEM user.

Related

securityvulns 1
cvelist 1
prion 1
cve 1
securityvulns
securityvulns
ZDI-07-078: St. Bernard Open File Manager Heap Overflow Vulnerability
2007-12-18 00:00:00
cvelist
cvelist
CVE-2007-6281
2007-12-20 00:00:00
prion
prion
Heap overflow
2007-12-20 00:46:00
cve
cve
CVE-2007-6281
2007-12-20 00:46:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.363 Low

EPSS

Percentile

97.1%

JSON
Related for ZDI-07-078
securityvulns1cvelist1prion1cve1