CVE-2007-4375

Published Aug 16, 2007

Last updated 6 years ago

Overview

Description: The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:diskeeper:diskeeper:9:*:professional:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72086DD7-EF2C-4347-8D43-07046DB0E3B3"
          },
          {
            "criteria": "cpe:2.3:a:diskeeper:diskeeper:2007:*:pro_premier:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C0DFEEC-765C-46B5-80D2-F9913953024E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References