CVE-2007-5155

{"id": "CVE-2007-5155", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-10-01T05:17:00.000", "references": [{"url": "http://osvdb.org/41381", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26973", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://vuln.sg/iceows420b-en.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25844", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3312", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36843", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/41381", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26973", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://vuln.sg/iceows420b-en.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25844", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/3312", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36843", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments, which allows user-assisted remote attackers to execute arbitrary code via a long filename in the header of an ACE archive, which triggers a stack-based buffer overflow."}, {"lang": "es", "value": "IceGUI.DLL en ICEOWS 4.20b invoca una funci\u00f3n con argumentos incorrectos, lo cual permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un nombre de archivo largo en la cabecera de un archivo ACE, lo cual dispara un desbordamiento de b\u00fafer basado en pila."}], "lastModified": "2024-11-21T00:37:15.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iceows:iceows:4.20b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE94F368-73F0-43CA-B292-F5362C749CF7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}