Vulnerability Description
Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Erwin Process Modeler | 7.1 |
References
- http://osvdb.org/39597
- http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf (Vendor Advisory)
- http://www.securityfocus.com/bid/24817
FAQ
What is CVE-2007-3695?
CVE-2007-3695 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not sugge...
How severe is CVE-2007-3695?
CVE-2007-3695 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3695?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Erwin Process Modeler.