Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4473

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-4473
Last Modified 15 Nov 2008 01:57:09
Published 17 Dec 2007 04:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4473

Summary

Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.

Vulnerable Systems

Application

  • Gesytec Easylon Opc Server 2.30.32


References

CERT-VN - VU#205073

MISC - http://www.neutralbit.com/en/rd/opctest/

MISC - http://www.neutralbit.com/downloads/NB-NB-001-EXT-OPC%20Security%20Testing.pdf

OSVDB - 42650

XF - easylon-server-code-execution(39062)

BID - 26876

SECUNIA - 28079


Last Updated: 27 May 2016 10:45:52