Vulnerability Description
Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bakbone | Netvault Reporter | <= 3.5update3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/26222PatchVendor Advisory
- http://securityreason.com/securityalert/2954
- http://www.securityfocus.com/archive/1/474626/100/0/threaded
- http://www.securityfocus.com/bid/25068
- http://www.securitytracker.com/id?1018460
- http://www.vupen.com/english/advisories/2007/2658
- http://www.zerodayinitiative.com/advisories/ZDI-07-044.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35588
- http://secunia.com/advisories/26222PatchVendor Advisory
- http://securityreason.com/securityalert/2954
- http://www.securityfocus.com/archive/1/474626/100/0/threaded
- http://www.securityfocus.com/bid/25068
- http://www.securitytracker.com/id?1018460
- http://www.vupen.com/english/advisories/2007/2658
- http://www.zerodayinitiative.com/advisories/ZDI-07-044.html
FAQ
What is CVE-2007-3911?
CVE-2007-3911 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attacke...
How severe is CVE-2007-3911?
CVE-2007-3911 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3911?
Check the references section above for vendor advisories and patch information. Affected products include: Bakbone Netvault Reporter.