Remote Code Execution Vulnerability in TIBCO SmartSockets and Enterprise Message Service
CVE-2007-5657

Currently unrated

Key Information:

Vendor

Tibco
Status
Smartsockets Rtserver
Rtworks
Vendor
CVE Published:
16 January 2008

What is CVE-2007-5657?

TIBCO SmartSockets RTserver 6.8.0 and earlier, along with RTworks prior to version 4.0.4, and Enterprise Message Service (EMS) versions from 4.0.0 to 4.4.1 are susceptible to a remote code execution vulnerability. Attackers can exploit this flaw by sending specially crafted requests that use manipulated values as pointer offsets, potentially leading to unauthorized execution of arbitrary code on the affected system.

References

http://www.tibco.com/resources/mk/ems_security_advisory_2...
x_refsource_CONFIRM
http://secunia.com/advisories/28490
third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1019193
vdb-entryx_refsource_SECTRACK

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.