CVE-2007-5657

https://notcve.org/view.php?id=CVE-2007-5657

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets. TIBCO SmartSockets RTserver 6.8.0 y anteriores, RTworks anterior a 4.0.4, y Enterprise Message Service (EMS) 4.0.0 hasta el 4.4.1 permite a atacantes remotos ejecutar código de su elección a través de respuestas manipuladas que contienen valores que son utilizados como punteros de compensación. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640 http://secunia.com/advisories/28490 http://securitytracker.com/id?1019193 http://www.securityfocus.com/bid/27295 http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt http://www.vupen.com/english/advisories/2008/0173 • CWE-20: Improper Input Validation •