Vulnerability Details : CVE-2007-3314
Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file.
Vulnerability category: OverflowExecute code
At least one public exploit which can be used to exploit this vulnerability exists!
Exploit prediction scoring system (EPSS) score for CVE-2007-3314
Probability of exploitation activity in the next 30 days: 93.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2007-3314
-
Altap Salamander 2.5 PE Viewer Buffer Overflow
Disclosure Date: 2007-06-19First seen: 2020-04-26exploit/windows/fileformat/altap_salamander_pdbThis module exploits a buffer overflow in Altap Salamander <= v2.5. By creating a malicious file and convincing a user to view the file with the Portable Executable Viewer plugin within a vulnerable version of Salamander, the PDB file string is copied onto th
CVSS scores for CVE-2007-3314
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
nvd@nist.gov |
References for CVE-2007-3314
-
http://vuln.sg/salamander25-en.html
[vuln.sg] Altap Salamander PE Viewer Buffer Overflow VulnerabilityExploit
-
http://www.vupen.com/english/advisories/2007/2268
-
http://www.securityfocus.com/bid/24557
Altap Servant Salamander PE File Handling Buffer Overflow Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/34938
Products affected by CVE-2007-3314
- cpe:2.3:a:altap:portable_executable_viewer:2.02:*:english_trial:*:*:*:*:*
- cpe:2.3:a:altap:portable_executable_viewer:1.00:*:english_trial:*:*:*:*:*
- cpe:2.3:a:altap:servant_salamander:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:altap:servant_salamander:2.0:*:*:*:*:*:*:*