CVE-2007-5655
iDEFENSE Security Advisory 2008-01-15.2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
TIBCO SmartSockets RTserver 6.8.0 y anteriores, RTworks anterior a 4.0.4, y Enterprise Message Service (EMS) 4.0.0 hasta la 4.4.1 permite a atacantes remotos ejecutar código de su elección a través de respuestas manipuladas que contienen valores que son utilizados como punteros.
Remote exploitation of multiple untrusted pointer vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests as pointers. These pointer values are then used in various memory operations. Since attackers can control these values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-10-23 CVE Reserved
- 2008-01-16 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639 | Third Party Advisory | |
| http://secunia.com/advisories/28490 | Third Party Advisory | |
| http://securitytracker.com/id?1019193 | Vdb Entry | |
| http://www.securityfocus.com/bid/27292 | Vdb Entry | |
| http://www.tibco.com/mk/advisory.jsp | X_refsource_confirm | |
| http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt | X_refsource_confirm | |
| http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt | X_refsource_confirm | |
| http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt | X_refsource_confirm | |
| http://www.vupen.com/english/advisories/2008/0173 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39705 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tibco Search vendor "Tibco" | Enterprise Message Service Search vendor "Tibco" for product "Enterprise Message Service" | * | - |
Affected
| in | Tibco Search vendor "Tibco" | Ems Server Search vendor "Tibco" for product "Ems Server" | * | - |
Safe
|
| Tibco Search vendor "Tibco" | Rtworks Search vendor "Tibco" for product "Rtworks" | <= 4.0.3 Search vendor "Tibco" for product "Rtworks" and version " <= 4.0.3" | - |
Affected
| ||||||
| Tibco Search vendor "Tibco" | Smartsockets Rtserver Search vendor "Tibco" for product "Smartsockets Rtserver" | <= 6.8.0 Search vendor "Tibco" for product "Smartsockets Rtserver" and version " <= 6.8.0" | - |
Affected
| ||||||