CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3695

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0380%
EPSS Percentile33.15th
PublishedJul 11, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE.

Affected Platforms (CPE)

πŸ“¦
Broadcom

Erwin Process Modeler

= 7.1

References & Advisories

πŸ”— http://osvdb.org/39597
πŸ”— http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf
πŸ”— http://www.securityfocus.com/bid/24817
πŸ”— http://osvdb.org/39597
πŸ”— http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf
πŸ”— http://www.securityfocus.com/bid/24817

Related Vulnerabilities

CVE-2007-54354.3

Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote at...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-020310.0

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.