| ID |
CVE-2007-2079
|
| Summary |
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. Failed exploit attempts will likely crash the webserver, denying service to legitimate users. Additionally, this issue is remotely exploitable only if the installation is not secured as described in the manual. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 9.3 (as of 11-10-2017 - 01:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 23491 | | exploit-db | 3738 | | osvdb | 41594 | | xf | xampp-mssqlconnect-bo(33683) |
|
| Last major update |
11-10-2017 - 01:32 |
| Published |
18-04-2007 - 03:19 |
| Last modified |
11-10-2017 - 01:32 |
