CVE-2007-5397 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2007-5397?

CVE-2007-5397 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-5397?

Check the references section above for vendor advisories and patch information. Affected products include: Activepdf Server.

Vulnerability Description

Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via a packet with a size field that is less than the actual size of the data.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Activepdf	Server	<= 3.8.4

Related Weaknesses (CWE)

CWE-119

References

http://secunia.com/advisories/27371Vendor Advisory
http://secunia.com/secunia_research/2007-87/advisory/Vendor Advisory
http://www.securityfocus.com/bid/28013
http://secunia.com/advisories/27371Vendor Advisory
http://secunia.com/secunia_research/2007-87/advisory/Vendor Advisory
http://www.securityfocus.com/bid/28013

FAQ

What is CVE-2007-5397?

CVE-2007-5397 is a vulnerability with a CVSS score of 7.5 (HIGH). Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute ar...

How severe is CVE-2007-5397?

CVE-2007-5397 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-5397?

Check the references section above for vendor advisories and patch information. Affected products include: Activepdf Server.