CVE-2007-2919 - Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-B

CVE-2007-2919

Summary

Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties.

References

http://osvdb.org/37042
http://secunia.com/advisories/25568
http://www.kb.cert.org/vuls/id/449089
http://www.securityfocus.com/bid/24328
http://www.vupen.com/english/advisories/2007/2081
https://exchange.xforce.ibmcloud.com/vulnerabilities/34742

Vulnerable Configurations

cpe:2.3:a:e-book_systems:flipviewer:*:*:*:*:*:*:*:*
cpe:2.3:a:e-book_systems:flipviewer:*:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	24328
cert-vn	VU#449089
osvdb	37042
secunia	25568
vupen	ADV-2007-2081
xf	flipviewer-fviewerloading-bo(34742)

Last major update

29-07-2017 - 01:31

Published

06-06-2007 - 22:30

Last modified

29-07-2017 - 01:31