CVE Vulnerability

CVE-2007-0174

Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://secway.org/advisory/ad20070109EN.txt Exploit Vendor Advisory
http://secunia.com/advisories/23638 Vendor Advisory
http://www.securityfocus.com/bid/21958
http://osvdb.org/32659
http://www.vupen.com/english/advisories/2007/0093
http://marc.info/?l=full-disclosure&m=116832852700467&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/31350
https://exchange.xforce.ibmcloud.com/vulnerabilities/31348
http://www.securityfocus.com/archive/1/456378/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:sina:sina:uc2006:*:*:*:*:*:*:*
Information

Published : 2007-01-11 12:28

Updated : 2018-10-16 04:31

NVD link : CVE-2007-0174

Mitre link : CVE-2007-0174

Products Affected
No products.
CWE
NVD-CWE-Other