Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.8
CVE Id: CVE-2007-4375
Last Modified: 15 Nov 2008 01:56:46
Published: 16 Aug 2007 02:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4375

Summary

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.

Vulnerable Systems

Application

  • Diskeeper 2007

  • Diskeeper 9


References

XF - diskeeper-dkservice-information-disclosure(36008)

XF - diskeeper-dkservice-dos(36007)

BID - 25320

SECUNIA - 26431

OSVDB - 39547

OSVDB - 39546

FULLDISC - 20070814 Remote Memory Read in Diskeeper 9 - 2007

BUGTRAQ - 20070816 Remote Memory Read in Diskeeper 9 - 2007

SREASON - 3018


Last Updated: 27 May 2016 10:45:50