CVE-2007-2588 - Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attacke

CVE-2007-2588

Summary

Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function. Failed exploit attempts will likely result in a browser-level denial of service condition.

References

Vulnerable Configurations

cpe:2.3:a:office_ocx:office_viewer_ocx:3.2:*:*:*:*:*:*:*
cpe:2.3:a:office_ocx:office_viewer_ocx:3.2:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	23811
misc	http://moaxb.blogspot.com/2007/05/moaxb-04-office-viewer-oaocx-v-32.html http://www.shinnai.altervista.org/moaxb/20070504/oa.txt
osvdb	34335
secunia	25143
vupen	ADV-2007-1664
xf	office-viewer-oaocx-bo(34067)

Last major update

29-07-2017 - 01:31

Published

10-05-2007 - 00:19

Last modified

29-07-2017 - 01:31