CVE-2007-2814

Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/36518
http://retrogod.altervista.org/IE_pegasus_imagn_bof.html
http://secunia.com/advisories/25351	Vendor Advisory
http://www.securityfocus.com/bid/24086	Exploit
http://www.vupen.com/english/advisories/2007/1899
https://exchange.xforce.ibmcloud.com/vulnerabilities/34419

Configurations

Configuration 1 (hide)

cpe:2.3:a:pegasus:imagn_activex_control:4.00.041:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-05-22 19:30

Updated : 2017-07-29 01:31

NVD link : CVE-2007-2814

Mitre link : CVE-2007-2814

CVE.ORG link : CVE-2007-2814

JSON object : View

Products Affected

pegasus

imagn_activex_control

CWE

NVD-CWE-Other

{"id": "CVE-2007-2814", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-05-22T19:30:00.000", "references": [{"url": "http://osvdb.org/36518", "source": "cve@mitre.org"}, {"url": "http://retrogod.altervista.org/IE_pegasus_imagn_bof.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25351", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24086", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1899", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34419", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en el control ActiveX Pegasus ImagN' (EMW32O40.OCX) 4.00.041 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) un par\u00e1metro FileName largo, o vectores no especificados involucrando las funciones (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, y otras."}], "lastModified": "2017-07-29T01:31:45.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pegasus:imagn_activex_control:4.00.041:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EE98401-0874-40DB-9D8D-8F1A680EF7C5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}