Arbitrary Code Execution Vulnerability in TIBCO SmartSockets RTserver and EMS
CVE-2007-5655

Currently unrated

Key Information:

Vendor: Tibco
Status: Smartsockets Rtserver; Rtworks
Vendor: CVE Published:; 16 January 2008

Summary

The TIBCO SmartSockets RTserver, along with other vulnerable products such as RTworks and Enterprise Message Service (EMS), has a significant security flaw allowing remote attackers to execute arbitrary code. This vulnerability arises when crafted requests are sent with manipulated values acting as pointers, leading to unauthorized execution of code. Consequently, this could allow attackers to gain control over affected systems, highlighting the necessity for immediate updates and security measures to mitigate potential risks.

References

http://www.tibco.com/resources/mk/ems_security_advisory_2...

x_refsource_CONFIRM

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://secunia.com/advisories/28490

third-party-advisoryx_refsource_SECUNIA

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 16, 2008
Vulnerability Reserved
Oct 23, 2007