CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2489

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0380%
EPSS Percentile0.93th
PublishedMay 3, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call.

Affected Platforms (CPE)

πŸ“¦
Livedata

Protocol Server

<= 5.00.045

References & Advisories

πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=523
πŸ”— http://osvdb.org/35529
πŸ”— http://secunia.com/advisories/25076
πŸ”— http://www.kb.cert.org/vuls/id/213516
πŸ”— http://www.securityfocus.com/bid/23773
πŸ”— http://www.securitytracker.com/id?1017998
πŸ”— http://www.vupen.com/english/advisories/2007/1633
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/34031

Related Vulnerabilities

CVE-2002-135910.0

Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause ...

CVE-2021-224810.0

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that...

CVE-2020-079610.0

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles cer...

CVE-2002-135710.0

Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allo...