Vulnerability CVE-2007-2514

Vulnerability CVE-2007-2514

Published: 2007-06-06 Modified: 2012-02-12

Description:

Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173.

See advisories in our WLB2 database:

	Topic	Author	Date
High	XferWan.exe Stack Overflow Vulnerability	TSRT	11.06.2007

Type:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
9.3/10	10/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Symantec -> Discovery
Numara -> Asset manager
Centennial -> Discovery

References:

http://dvlabs.tippingpoint.com/advisory/TPTI-07-10

http://securityreason.com/securityalert/2785

http://www.securityfocus.com/archive/1/470563/100/0/threaded

http://www.securityfocus.com/bid/24317

http://www.securitytracker.com/id?1018191

https://exchange.xforce.ibmcloud.com/vulnerabilities/34723

Copyright 2024, cxsecurity.com