Lucene search

MitreCVE-2007-6411

HistoryDec 17, 2007 - 6:46 p.m.

CVE-2007-6411

2007-12-1718:46:00

CWE-119

mitre

web.nvd.nist.gov

security

buffer overflow

gg client

arbitrary code execution

denial of service

nvd

cve-2007-6411

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.9

Confidence

High

EPSS

0.032

Percentile

91.3%

JSON

Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.

Affected configurations

Nvd

Node

gadu-gadugadu-gadu_instant_messengerMatch7.7build_3669

VendorProductVersionCPE
gadu-gadugadu-gadu_instant_messenger7.7cpe:2.3:a:gadu-gadu:gadu-gadu_instant_messenger:7.7:build_3669:*:*:*:*:*:*

Vendor	Product	Version	CPE
gadu-gadu	gadu-gadu_instant_messenger	7.7	cpe:2.3:a:gadu-gadu:gadu-gadu_instant_messenger:7.7:build_3669::::::

References

securityreason.com/securityalert/3455

vexillium.org/advisory_eng.txt

www.securityfocus.com/archive/1/484077/100/200/threaded

www.securityfocus.com/archive/1/484086/100/200/threaded

www.securityfocus.com/archive/1/484105/100/200/threaded

www.securityfocus.com/archive/1/484119/100/200/threaded

www.securityfocus.com/archive/1/484122/100/200/threaded

www.securityfocus.com/archive/1/484126/100/200/threaded

www.securityfocus.com/archive/1/484607/100/0/threaded

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.9

Confidence

High

EPSS

0.032

Percentile

91.3%

JSON

Related for CVE-2007-6411