CVE-2007-4145

Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://codeaudit.blogspot.com/
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064995.html
http://securityreason.com/securityalert/2959
http://www.securityfocus.com/archive/1/475150/100/0/threaded
http://www.securityfocus.com/bid/25149	Exploit
http://www.vulnhunt.com/advisories/CAL-20070730-1_BlueSkyCat_v2.ocx_ActiveX_remote_heap_overflow_vulnerability_en.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/35699
http://codeaudit.blogspot.com/
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064995.html
http://securityreason.com/securityalert/2959
http://www.securityfocus.com/archive/1/475150/100/0/threaded
http://www.securityfocus.com/bid/25149	Exploit
http://www.vulnhunt.com/advisories/CAL-20070730-1_BlueSkyCat_v2.ocx_ActiveX_remote_heap_overflow_vulnerability_en.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/35699

Configurations

Configuration 1 (hide)

cpe:2.3:a:bluesky:blueskychat:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:34

Type	Values Removed	Values Added
References	~~() http://codeaudit.blogspot.com/ -~~	() http://codeaudit.blogspot.com/ -
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064995.html -~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064995.html -
References	~~() http://securityreason.com/securityalert/2959 -~~	() http://securityreason.com/securityalert/2959 -
References	~~() http://www.securityfocus.com/archive/1/475150/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/475150/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/25149 - Exploit~~	() http://www.securityfocus.com/bid/25149 - Exploit
References	~~() http://www.vulnhunt.com/advisories/CAL-20070730-1_BlueSkyCat_v2.ocx_ActiveX_remote_heap_overflow_vulnerability_en.txt -~~	() http://www.vulnhunt.com/advisories/CAL-20070730-1_BlueSkyCat_v2.ocx_ActiveX_remote_heap_overflow_vulnerability_en.txt -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/35699 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/35699 -

Information

Published : 2007-08-03 20:17

Updated : 2024-11-21 00:34

NVD link : CVE-2007-4145

Mitre link : CVE-2007-4145

CVE.ORG link : CVE-2007-4145

JSON object : View

Products Affected

bluesky

blueskychat

CWE

NVD-CWE-Other

4.3 /10