CVE-2007-5657
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.
TIBCO SmartSockets RTserver 6.8.0 y anteriores, RTworks anterior a 4.0.4, y Enterprise Message Service (EMS) 4.0.0 hasta el 4.4.1 permite a atacantes remotos ejecutar código de su elección a través de respuestas manipuladas que contienen valores que son utilizados como punteros de compensación.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-10-23 CVE Reserved
- 2008-01-16 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640 | Third Party Advisory | |
| http://secunia.com/advisories/28490 | Third Party Advisory | |
| http://securitytracker.com/id?1019193 | Vdb Entry | |
| http://www.securityfocus.com/bid/27295 | Vdb Entry | |
| http://www.tibco.com/mk/advisory.jsp | X_refsource_confirm | |
| http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt | X_refsource_confirm | |
| http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt | X_refsource_confirm | |
| http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt | X_refsource_confirm | |
| http://www.vupen.com/english/advisories/2008/0173 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39707 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tibco Search vendor "Tibco" | Enterprise Message Service Search vendor "Tibco" for product "Enterprise Message Service" | * | - |
Affected
| in | Tibco Search vendor "Tibco" | Ems Server Search vendor "Tibco" for product "Ems Server" | * | - |
Safe
|
| Tibco Search vendor "Tibco" | Rtworks Search vendor "Tibco" for product "Rtworks" | <= 4.0.3 Search vendor "Tibco" for product "Rtworks" and version " <= 4.0.3" | - |
Affected
| ||||||
| Tibco Search vendor "Tibco" | Smartsockets Rtserver Search vendor "Tibco" for product "Smartsockets Rtserver" | <= 6.8.0 Search vendor "Tibco" for product "Smartsockets Rtserver" and version " <= 6.8.0" | - |
Affected
| ||||||