ID CVE-2007-4751
Summary RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files.
References
Vulnerable Configurations
  • cpe:2.3:a:data-vision:remotedocs_r-viewer:*:*:*:*:*:*:*:*
    cpe:2.3:a:data-vision:remotedocs_r-viewer:*:*:*:*:*:*:*:*
CVSS
Base: 1.9 (as of 15-10-2018 - 21:37)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:N/A:N
refmap via4
bid 25591
bugtraq 20070917 SYMSA-2007-009: RemoteDocs R-Viewer Code Execution and Sensitive Information Disclosure
misc http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-009.txt
sectrack 1018703
secunia 26835
sreason 3150
vupen ADV-2007-3199
xf remotedocs-directories-info-disclosure(36654)
Last major update 15-10-2018 - 21:37
Published 18-09-2007 - 21:17
Last modified 15-10-2018 - 21:37
Back to Top