CVE-2007-6253 - OpenCVE

Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Adobe	Form Client Form Designer

Configuration 1 [-]

OR	cpe:2.3:a:adobe:form_client:5.0:::::::*
	cpe:2.3:a:adobe:form_designer:5.0:::::::*

References

Link	Resource
http://secunia.com/advisories/29330	Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb08-09.html	Patch
http://www.kb.cert.org/vuls/id/362849	US Government Resource
http://www.securityfocus.com/bid/28210	Patch
http://www.securitytracker.com/id?1019601
http://www.vupen.com/english/advisories/2008/0863/references	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41142

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2008-03-12T00:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2007-12-05T00:00:00

Link: CVE-2007-6253

JSON object: View

NVD Information

Status : Modified

Published: 2008-03-12T00:44:00.000

Modified: 2017-08-08T01:29:02.883

Link: CVE-2007-6253

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-09.html"}, {"name": "28210", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28210"}, {"name": "29330", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29330"}, {"name": "1019601", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019601"}, {"name": "VU#362849", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/362849"}, {"name": "adobe-multiple-activex-bo(41142)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41142"}, {"name": "ADV-2008-0863", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0863/references"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2007-6253", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.adobe.com/support/security/bulletins/apsb08-09.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-09.html"}, {"name": "28210", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28210"}, {"name": "29330", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29330"}, {"name": "1019601", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019601"}, {"name": "VU#362849", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/362849"}, {"name": "adobe-multiple-activex-bo(41142)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41142"}, {"name": "ADV-2008-0863", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0863/references"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2007-6253", "datePublished": "2008-03-12T00:00:00", "dateReserved": "2007-12-05T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:form_client:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A6E54F6-AF15-4A2E-8C46-A6E043B158D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:form_designer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBA789DC-3CDA-4613-8202-3501097D0B19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en Adobe Form Designer versi\u00f3n 5.0 y Form Client versi\u00f3n 5.0, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores desconocidos en los controles ActiveX de (1) Adobe File Dialog Button (biblioteca FileDlg.dll) y (2) Adobe Copy to Server Object (biblioteca SvrCopy.dll)."}], "id": "CVE-2007-6253", "lastModified": "2017-08-08T01:29:02.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-03-12T00:44:00.000", "references": [{"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29330"}, {"source": "cret@cert.org", "tags": ["Patch"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-09.html"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/362849"}, {"source": "cret@cert.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/28210"}, {"source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1019601"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0863/references"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41142"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}