NVD

Id
56500  
Name
CVE-2007-4375  
Description
The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:N/A:P)  
Pub Date
2017-01-07  
Published
2007-08-16  
Modified Date
2008-11-15  
Seq
2007-4375  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
287858 56500 CVE-2007-4375 20070814 Remote Memory Read in Diskeeper 9 - 2007  View
287859 56500 CVE-2007-4375 3018  View
287860 56500 CVE-2007-4375 20070816 Remote Memory Read in Diskeeper 9 - 2007  View
287861 56500 CVE-2007-4375 25320  View
287862 56500 CVE-2007-4375 diskeeper-dkservice-dos(36007)  View
287863 56500 CVE-2007-4375 diskeeper-dkservice-information-disclosure(36008)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
53820 JVNDB-2007-002512 Diskeeper の管理者用インターフェースにおけるサービス運用妨害 (DoS) の脆弱性 Diskeeper の管理者用インターフェースは、TCP 上の RPC を介して memory comparison 関数を公表するため、重要な情報 (プロセスメモリコンテンツ) を取得される、およびサービス運用妨害 (アプリケーションクラッシュ) 状態となる脆弱性が存在します。 CVE-2007-4375 27730 CVE-2007-4375 56500 5.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002512.html 2007-08-16 2012-06-26 View