ID CVE-2007-0619
Summary chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption. Update to version 0.39.
References
Vulnerable Configurations
  • cpe:2.3:a:chmlib:chmlib:*:*:*:*:*:*:*:*
    cpe:2.3:a:chmlib:chmlib:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 08-03-2011 - 02:50)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 22258
confirm http://morte.jedrea.com/~jedwin/projects/chmlib/
gentoo GLSA-200702-12
idefense 20070126 Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability
sectrack 1017565
secunia
  • 23975
  • 24335
suse SUSE-SR:2007:003
vupen ADV-2007-0361
Last major update 08-03-2011 - 02:50
Published 31-01-2007 - 11:28
Last modified 08-03-2011 - 02:50
Back to Top