CVE-2007-4375

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065245.html	Exploit
http://osvdb.org/39546
http://osvdb.org/39547
http://secunia.com/advisories/26431	Vendor Advisory
http://securityreason.com/securityalert/3018
http://www.securityfocus.com/archive/1/476954/100/0/threaded
http://www.securityfocus.com/bid/25320
https://exchange.xforce.ibmcloud.com/vulnerabilities/36007
https://exchange.xforce.ibmcloud.com/vulnerabilities/36008
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065245.html	Exploit
http://osvdb.org/39546
http://osvdb.org/39547
http://secunia.com/advisories/26431	Vendor Advisory
http://securityreason.com/securityalert/3018
http://www.securityfocus.com/archive/1/476954/100/0/threaded
http://www.securityfocus.com/bid/25320
https://exchange.xforce.ibmcloud.com/vulnerabilities/36007
https://exchange.xforce.ibmcloud.com/vulnerabilities/36008

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:diskeeper:diskeeper:9::professional:::::
	cpe:2.3:a:diskeeper:diskeeper:2007::pro_premier:::::

History

21 Nov 2024, 00:35

Type	Values Removed	Values Added
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065245.html - Exploit~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065245.html - Exploit
References	~~() http://osvdb.org/39546 -~~	() http://osvdb.org/39546 -
References	~~() http://osvdb.org/39547 -~~	() http://osvdb.org/39547 -
References	~~() http://secunia.com/advisories/26431 - Vendor Advisory~~	() http://secunia.com/advisories/26431 - Vendor Advisory
References	~~() http://securityreason.com/securityalert/3018 -~~	() http://securityreason.com/securityalert/3018 -
References	~~() http://www.securityfocus.com/archive/1/476954/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/476954/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/25320 -~~	() http://www.securityfocus.com/bid/25320 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/36007 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/36007 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/36008 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/36008 -

Information

Published : 2007-08-16 18:17

Updated : 2024-11-21 00:35

NVD link : CVE-2007-4375

Mitre link : CVE-2007-4375

CVE.ORG link : CVE-2007-4375

JSON object : View

Products Affected

diskeeper

diskeeper

CWE

NVD-CWE-Other

5.8 /10