Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4916

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-4916
Last Modified 07 Mar 2011 09:59:38
Published 17 Sep 2007 01:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4916

Summary

Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.

Vulnerable Systems

Application

  • Hp Photo And Imaging Gallery 1.1


References

CERT-VN - VU#611008

VUPEN - ADV-2007-3182

BUGTRAQ - 20070914 [GOODFELLAS-VULN] FileFind class from MFC Library cause heapoverflow

BUGTRAQ - 20070914 [GOODFELLAS-VULN] ActiveX hpqutil!ListFiles hpqutil.dll - Remoteheap overflow

MISC - http://goodfellas.shellcode.com.ar/own/VULWKU200706142

MISC - http://goodfellas.shellcode.com.ar/own/VULWAR200706041

XF - hp-hpqutillistfiles-bo(36609)

XF - visual-mfc-findfile-bo(36608)

SECTRACK - 1018698

BID - 25697

BID - 25673

SREASON - 3143

SECUNIA - 26800


Last Updated: 27 May 2016 10:46:01