CVE-2007-1173 - Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Ce

CVE-2007-1173

Summary

Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet.

References

Vulnerable Configurations

cpe:2.3:a:centennial:discovery:2006_featurepack1:*:*:*:*:*:*:*
cpe:2.3:a:centennial:discovery:2006_featurepack1:*:*:*:*:*:*:*
cpe:2.3:a:numara:asset_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:numara:asset_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:discovery:6.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:discovery:6.5:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	24002
misc	http://secunia.com/secunia_research/2007-41/advisory/ http://secunia.com/secunia_research/2007-42/advisory/ http://secunia.com/secunia_research/2007-43/advisory/
osvdb	35076
sectrack	1018072
secunia	24090 24281 24329
vupen	ADV-2007-1832 ADV-2007-1833 ADV-2007-1834
xf	xferwan-tcp-bo(34313)

Last major update

29-07-2017 - 01:30

Published

16-05-2007 - 22:30

Last modified

29-07-2017 - 01:30