Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5657

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-5657
Last Modified 07 Mar 2011 10:01:05
Published 15 Jan 2008 10:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5657

Summary

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.

Vulnerable Systems

Application

  • Tibco Enterprise Message Service

  • Tibco Rtworks 4.0.3

  • Tibco Smartsockets Rtserver 6.8.0


References

VUPEN - ADV-2008-0173

CONFIRM - http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt

CONFIRM - http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt

CONFIRM - http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt

CONFIRM - http://www.tibco.com/mk/advisory.jsp

BID - 27295

IDEFENSE - 20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities

XF - tibco-rtserver-offset-code-execution(39707)

SECTRACK - 1019193

SECUNIA - 28490


Last Updated: 27 May 2016 10:46:14