MEDIUM · 5.8

CVE-2007-4375

Vulnerability Description

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.

CVSS Score

5.8

MEDIUM

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL

Affected Products

Vendor: Diskeeper
Product: Diskeeper
Versions: 9

References

FAQ

What is CVE-2007-4375?

CVE-2007-4375 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote a...

How severe is CVE-2007-4375?

CVE-2007-4375 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2007-4375?

Check the references section above for vendor advisories and patch information. Affected products include: Diskeeper Diskeeper.