Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1704

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-1704
Last Modified 07 Mar 2011 10:07:30
Published 11 Apr 2008 06:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1704

Summary

Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.

Vulnerable Systems

Application

  • Tibco Enterprise Message Service 4.0.0

  • Tibco Enterprise Message Service 4.1.0

  • Tibco Enterprise Message Service 4.2.0

  • Tibco Enterprise Message Service 4.3.0

  • Tibco Enterprise Message Service 4.4.0

  • Tibco Enterprise Message Service 4.4.1

  • Tibco Enterprise Message Service 4.4.2

  • Tibco Iprocess Engine 10.6.0

  • Tibco Iprocess Engine 10.6.1


References

XF - tibco-ems-iprocess-code-execution(41761)

VUPEN - ADV-2008-1190

CONFIRM - http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt

SECTRACK - 1019826

BID - 28717

SECUNIA - 29775


Last Updated: 27 May 2016 10:47:38