CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2417

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile2.98th
PublishedJul 15, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491.

Affected Platforms (CPE)

πŸ“¦
Progress

Openedge

= 10.1a
πŸ“¦
Progress

Openedge

= 10.1b
πŸ“¦
Progress

Progress

= 9.1e
πŸ“¦
Rsa

Ace Server

= 5.2

References & Advisories

πŸ”— http://dvlabs.tippingpoint.com/advisory/TPTI-07-12
πŸ”— http://osvdb.org/37934
πŸ”— http://secunia.com/advisories/26058
πŸ”— http://secunia.com/advisories/26067
πŸ”— http://www.securityfocus.com/archive/1/473623/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/24675
πŸ”— http://www.securitytracker.com/id?1018389
πŸ”— http://www.vupen.com/english/advisories/2007/2530

Related Vulnerabilities

CVE-2015-92459.8

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arb...

CVE-2007-25067.8

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause...

CVE-2007-34917.5

Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to hav...

CVE-2014-85555.0

Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to rea...