返回 CVE 瀏覽器

CVE-2007-4149

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1560%

EPSS Percentile4.16th

Published2007年8月3日

Last Modified2026年4月23日

Vulnerability Description

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder.

Affected Platforms (CPE)

📦

Visionsoft

Audit

= 12.4.0.0

References & Advisories

🔗 http://osvdb.org/42462

🔗 http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt

🔗 http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt

🔗 http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt

🔗 http://www.securityfocus.com/bid/25153

🔗 http://osvdb.org/42462

🔗 http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt

🔗 http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt

相關漏洞威脅

CVE-1999-057910.0

A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.

CVE-2007-414810.0

Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers ...

CVE-1999-057710.0

A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.

CVE-2010-444910.0

Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidenti...