Vulnerability Details CVE-2007-2938
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.573
EPSS Ranking 98.0%
CVSS Severity
CVSS v2 Score 10.0
References
- http://osvdb.org/36700
- http://secunia.com/advisories/25430
- http://www.securityfocus.com/bid/24172
- http://www.vupen.com/english/advisories/2007/1958
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34548
- https://www.exploit-db.com/exploits/3993
- http://osvdb.org/36700
- http://secunia.com/advisories/25430
- http://www.securityfocus.com/bid/24172
- http://www.vupen.com/english/advisories/2007/1958
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34548
- https://www.exploit-db.com/exploits/3993
Products affected by CVE-2007-2938
-
cpe:2.3:a:honeywell:ademco_atnbaseloader100_module:5.4.0.6
-
cpe:2.3:a:microsoft:internet_explorer:6