CVE-2007-6531
Descriptions
Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be exploitable for a crash or code execution, so it is not a vulnerability.
Timeline
- 2007-12-27 CVE Reserved
- 2008-01-09 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-12 EPSS Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (6)
URL | Tag | Source |
---|---|---|
http://bugs.gentoo.org/show_bug.cgi?id=201289 | X_refsource_misc | |
http://bugs.gentoo.org/show_bug.cgi?id=201293 | X_refsource_confirm | |
http://osvdb.org/43422 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/0080 | Vdb Entry | |
http://www.xfce.org/documentation/changelogs/4.4.2 | X_refsource_confirm | |
URL | Date | SRC |
---|---|---|
http://security.gentoo.org/glsa/glsa-200801-06.xml | 2011-03-08 | |