ID |
CVE-2007-2588
|
Summary |
Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function. Failed exploit attempts will likely result in a browser-level denial of service condition. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 9.3 (as of 29-07-2017 - 01:31) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
refmap
via4
|
bid | 23811 | misc | | osvdb | 34335 | secunia | 25143 | vupen | ADV-2007-1664 | xf | office-viewer-oaocx-bo(34067) |
|
Last major update |
29-07-2017 - 01:31 |
Published |
10-05-2007 - 00:19 |
Last modified |
29-07-2017 - 01:31 |