CVE-2007-3815 - Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local us

CVE-2007-3815

Summary

Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used by data-entry workers who do not have full access to the underlying Windows environment.

References

Vulnerable Configurations

cpe:2.3:a:republike_slovenije:pirs:2007:*:*:*:*:*:*:*
cpe:2.3:a:republike_slovenije:pirs:2007:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

refmap via4

fulldisc	20070713 PIRS2007 local buffer overflow vulnerability
misc	http://www.pirs.si/slo/index.php?dep_id=29&help_id=60
osvdb	38697
sreason	2898
xf	pirs-pirs32-bo(35388)

Last major update

29-07-2017 - 01:32

Published

17-07-2007 - 00:30

Last modified

29-07-2017 - 01:32