CVE Vulnerability

CVE-2007-2079

The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.securityfocus.com/bid/23491
http://osvdb.org/41594
https://exchange.xforce.ibmcloud.com/vulnerabilities/33683
https://www.exploit-db.com/exploits/3738
Configurations

Configuration 1

cpe:2.3:a:xampp:apache_distribution:*:*:windows:*:*:*:*:*
Information

Published : 2007-04-18 03:19

Updated : 2017-10-11 01:32

NVD link : CVE-2007-2079

Mitre link : CVE-2007-2079

Products Affected
No products.
CWE
NVD-CWE-Other