Vulnerability Description
Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Tivoli Monitoring Express | 6.1.0 |
References
- http://secunia.com/advisories/24938
- http://securityreason.com/securityalert/2597
- http://www-1.ibm.com/support/docview.wss?uid=swg24012341Patch
- http://www.securityfocus.com/archive/1/466216/100/0/threaded
- http://www.securityfocus.com/bid/23558Patch
- http://www.securitytracker.com/id?1017933
- http://www.vupen.com/english/advisories/2007/1456
- http://www.zerodayinitiative.com/advisories/ZDI-07-018.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33746
- http://secunia.com/advisories/24938
- http://securityreason.com/securityalert/2597
- http://www-1.ibm.com/support/docview.wss?uid=swg24012341Patch
- http://www.securityfocus.com/archive/1/466216/100/0/threaded
- http://www.securityfocus.com/bid/23558Patch
- http://www.securitytracker.com/id?1017933
FAQ
What is CVE-2007-2137?
CVE-2007-2137 is a vulnerability with a CVSS score of 10.0 (HIGH). Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows rem...
How severe is CVE-2007-2137?
CVE-2007-2137 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2137?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Tivoli Monitoring Express.