CVE-2007-2514 - Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Disco

CVE-2007-2514

Summary

Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173. "This issue only affects systems running non-secure communications, which comprise a very small percentage of installations worldwide."

References

Vulnerable Configurations

cpe:2.3:a:centennial:discovery:2006_featurepack1:*:*:*:*:*:*:*
cpe:2.3:a:centennial:discovery:2006_featurepack1:*:*:*:*:*:*:*
cpe:2.3:a:numara:asset_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:numara:asset_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:discovery:6.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:discovery:6.5:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 16-10-2018 - 16:44)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	24317
bugtraq	20070605 TPTI-07-10: Centennial Software XferWan.exe Stack Overflow Vulnerability
misc	http://dvlabs.tippingpoint.com/advisory/TPTI-07-10
osvdb	42059
sectrack	1018191
sreason	2785
xf	centennial-xferwan-bo(34723)

Last major update

16-10-2018 - 16:44

Published

06-06-2007 - 10:30

Last modified

16-10-2018 - 16:44