CVE-2007-2919

Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/37042
http://secunia.com/advisories/25568	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/449089	US Government Resource
http://www.securityfocus.com/bid/24328	Patch
http://www.vupen.com/english/advisories/2007/2081
https://exchange.xforce.ibmcloud.com/vulnerabilities/34742

Configurations

Configuration 1 (hide)

cpe:2.3:a:e-book_systems:flipviewer:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-06-06 22:30

Updated : 2017-07-29 01:31

NVD link : CVE-2007-2919

Mitre link : CVE-2007-2919

CVE.ORG link : CVE-2007-2919

JSON object : View

Products Affected

e-book_systems

flipviewer

CWE

NVD-CWE-Other

{"id": "CVE-2007-2919", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-06-06T22:30:00.000", "references": [{"url": "http://osvdb.org/37042", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/25568", "tags": ["Patch", "Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/449089", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/24328", "tags": ["Patch"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2081", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34742", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en el control ActiveX FViewerLoading (FlipViewerX.dll) en E-Book Systems FlipViewer anterior a 4.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n mediante las propiedades (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL y (9) LoadOpf."}], "lastModified": "2017-07-29T01:31:50.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:e-book_systems:flipviewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7172A75-99FD-448C-8B26-6A8BB40A3E2A", "versionEndIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}