CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-2417

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile2.98th
Published2007年7月15日
Last Modified2026年4月23日

Vulnerability Description

Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491.

Affected Platforms (CPE)

📦
Progress

Openedge

= 10.1a
📦
Progress

Openedge

= 10.1b
📦
Progress

Progress

= 9.1e
📦
Rsa

Ace Server

= 5.2

References & Advisories

🔗 http://dvlabs.tippingpoint.com/advisory/TPTI-07-12
🔗 http://osvdb.org/37934
🔗 http://secunia.com/advisories/26058
🔗 http://secunia.com/advisories/26067
🔗 http://www.securityfocus.com/archive/1/473623/100/0/threaded
🔗 http://www.securityfocus.com/bid/24675
🔗 http://www.securitytracker.com/id?1018389
🔗 http://www.vupen.com/english/advisories/2007/2530

関連する脆弱性情報

CVE-2015-92459.8

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arb...

CVE-2007-25067.8

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause...

CVE-2007-34917.5

Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to hav...

CVE-2014-85555.0

Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to rea...