CVE-2007-2856

{"id": "CVE-2007-2856", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-05-24T19:30:00.000", "references": [{"url": "http://osvdb.org/38111", "source": "cve@mitre.org"}, {"url": "http://retrogod.altervista.org/ie_DartZip_bof.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/469503/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/469592/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24142", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24163", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34494", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34520", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en el control ActiveX de Dart Communications PowerTCP ZIP Compression en la biblioteca DartZip.dll versi\u00f3n 1.8.5.3, cuando se usa Internet Explorer versi\u00f3n 6, permite a los atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de un argumento first largo hacia la funci\u00f3n QuickZip, un problema relacionado con CVE-2007-2855."}], "lastModified": "2018-10-16T16:45:48.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dart:powertcp_zip_compression:1.8.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5D06EE4-6C07-4A1C-80A3-E150D5F2D9F1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}