Vulnerability Details CVE-2007-5658
Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.159
EPSS Ranking 94.4%
CVSS Severity
CVSS v2 Score 10.0
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638
- http://secunia.com/advisories/28490
- http://securitytracker.com/id?1019193
- http://www.securityfocus.com/bid/27294
- http://www.tibco.com/mk/advisory.jsp
- http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt
- http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt
- http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt
- http://www.vupen.com/english/advisories/2008/0173
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39703
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638
- http://secunia.com/advisories/28490
- http://securitytracker.com/id?1019193
- http://www.securityfocus.com/bid/27294
- http://www.tibco.com/mk/advisory.jsp
- http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt
- http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt
- http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt
- http://www.vupen.com/english/advisories/2008/0173
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39703
Products affected by CVE-2007-5658
-
cpe:2.3:a:tibco:enterprise_message_service:4.0.0
-
cpe:2.3:a:tibco:enterprise_message_service:4.1.0
-
cpe:2.3:a:tibco:enterprise_message_service:4.2.0
-
cpe:2.3:a:tibco:enterprise_message_service:4.3.0
-
cpe:2.3:a:tibco:enterprise_message_service:4.4.0
-
cpe:2.3:a:tibco:enterprise_message_service:4.4.1
-
cpe:2.3:a:tibco:rtworks:*
-
cpe:2.3:a:tibco:smartsockets_rtserver:*