Remote Code Execution Vulnerability in TIBCO SmartSockets and Enterprise Message Service
CVE-2007-5657

Currently unrated

Key Information:

Vendor: Tibco
Status: Smartsockets Rtserver; Rtworks
Vendor: CVE Published:; 16 January 2008

Summary

TIBCO SmartSockets RTserver 6.8.0 and earlier, along with RTworks prior to version 4.0.4, and Enterprise Message Service (EMS) versions from 4.0.0 to 4.4.1 are susceptible to a remote code execution vulnerability. Attackers can exploit this flaw by sending specially crafted requests that use manipulated values as pointer offsets, potentially leading to unauthorized execution of arbitrary code on the affected system.

References

http://www.tibco.com/resources/mk/ems_security_advisory_2...

x_refsource_CONFIRM

http://secunia.com/advisories/28490

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1019193

vdb-entryx_refsource_SECTRACK

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 16, 2008
Vulnerability Reserved
Oct 23, 2007