Vulnerability Name: | CVE-2007-4254 (CCN-34600) | ||||||||
Assigned: | 2007-05-23 | ||||||||
Published: | 2007-05-23 | ||||||||
Updated: | 2017-09-29 | ||||||||
Summary: | Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. Note: this may overlap CVE-2007-2885 or CVE-2005-2127. | ||||||||
CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:UR)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:UR)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2007-2885 Source: MITRE Type: CNA CVE-2007-4254 Source: CCN Type: Microsoft Developer Network Web site Visual Database Tools Source: OSVDB Type: UNKNOWN 41080 Source: CCN Type: OSVDB ID: 3814 Multiple Unix Vendor passwd Malformed ulimit /etc/passwd Manipulation Source: CCN Type: OSVDB ID: 38140 Multiple System V derived Unix Vendor passwd Malformed ulimit /etc/passwd Manipulation Source: CCN Type: OSVDB ID: 41080 Microsoft Visual Database Tools MSVDTDatabaseDesigner7 ActiveX (VDT70.DLL) NotSafe Function Arbitrary Code Execution Source: CCN Type: BID-24127 Microsoft VDT Database Designer VDT70.DLL ActiveX Control Buffer Overflow Vulnerability Source: CCN Type: Venus Info Tech Web site Microsoft VDT Database Designer VDT70.DLL ActiveX Source: XF Type: UNKNOWN microsoft-vdt-dos(34600) Source: EXPLOIT-DB Type: UNKNOWN 4259 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |