CVE-2007-5657

{"id": "CVE-2007-5657", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-01-16T03:00:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28490", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1019193", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27295", "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/mk/advisory.jsp", "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt", "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt", "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0173", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39707", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets."}, {"lang": "es", "value": "TIBCO SmartSockets RTserver 6.8.0 y anteriores, RTworks anterior a 4.0.4, y Enterprise Message Service (EMS) 4.0.0 hasta el 4.4.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de respuestas manipuladas que contienen valores que son utilizados como punteros de compensaci\u00f3n."}], "lastModified": "2017-07-29T01:33:47.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:rtworks:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A4F1058-6D26-4FA9-ACC0-8E2CB9E47EE8", "versionEndIncluding": "4.0.3"}, {"criteria": "cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A607554-6A94-47FC-919C-8BC77E72E527", "versionEndIncluding": "6.8.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tibco:ems_server:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A71A6DEC-C0A5-456D-BB28-EC5CA61BE796"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C559EFC8-9BA6-41F7-AB44-3C10AEC52F56"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}