ID CVE-2007-4750
Summary Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension.
References
Vulnerable Configurations
  • cpe:2.3:a:data-vision:remotedocs_r-viewer:*:*:*:*:*:*:*:*
    cpe:2.3:a:data-vision:remotedocs_r-viewer:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-10-2018 - 21:37)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 25591
bugtraq 20070917 SYMSA-2007-009: RemoteDocs R-Viewer Code Execution and Sensitive Information Disclosure
misc http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-009.txt
osvdb 40544
sectrack 1018703
secunia 26835
sreason 3150
vupen ADV-2007-3199
xf remotedocs-rdz-code-execution(36652)
Last major update 15-10-2018 - 21:37
Published 18-09-2007 - 21:17
Last modified 15-10-2018 - 21:37
Back to Top