Vulnerability Details : CVE-2007-2137
Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2007-2137
Probability of exploitation activity in the next 30 days: 90.92%
Percentile, the proportion of vulnerabilities that are scored at or less: ~99%
CVSS scores for CVE-2007-2137
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
References for CVE-2007-2137
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33746
- http://www.securityfocus.com/archive/1/466216/100/0/threaded
- http://www-1.ibm.com/support/docview.wss?uid=swg24012341 (Patch)
- http://www.securityfocus.com/bid/23558 (Patch)
- http://www.vupen.com/english/advisories/2007/1456
- http://www.zerodayinitiative.com/advisories/ZDI-07-018.html (Vendor Advisory)
- http://www.securitytracker.com/id?1017933
- http://securityreason.com/securityalert/2597
Products affected by CVE-2007-2137
- cpe:2.3:a:ibm:tivoli_monitoring_express:6.1.0:*:*:*:*:*:*:*