CVE-2017-7908
 
Severity Score: 7.6 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls.
Credits: N/A
Timeline
- 2017-04-18 CVE Reserved
- 2018-10-02 CVE Published
- 2024-09-17 CVE Updated
- 2024-12-17 EPSS Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
References (2)
URL | Tag |
---|---|
http://www.securityfocus.com/bid/99580 | Third Party Advisory |
https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02 | Mitigation |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gigasoft | Proessentials | <= 5 | - | Affected |
GE | GE Communicator | <= 3.15 | - | Affected |