PT-2007-7326 · Microsoft+1 · Internet Explorer+1

Publicado

2007-12-20

Atualizado

2018-10-15

CVE-2007-6492

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions iMesh versions 7.1.0.x and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in an Internet Explorer 7 crash, by passing an empty string in the argument to the ProcessRequestEx method. This is related to the IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll.

Recommendations For iMesh versions 7.1.0.x and earlier, consider disabling the ProcessRequestEx method as a temporary workaround until a patch is available. Restrict access to the IMWeb.IMWebControl.1 ActiveX control to minimize the risk of exploitation. Avoid using empty strings in the argument to the ProcessRequestEx method in the affected API endpoint until the issue is resolved.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2007-6492

Produtos afetados

Internet Explorer

Imesh

PT-2007-7326 · Microsoft+1 · Internet Explorer+1

CVE-2007-6492

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7