PT-2007-3039 · Datarescue · Datarescue Ida Pro

Published

2007-03-24

Updated

2017-07-29

CVE-2007-1666

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: DataRescue IDA Pro versions 5.0 through 5.1

Description: The issue concerns the processor request function in the debugger server, which fails to verify authentication before invoking the perform request function. This allows remote attackers to perform unauthorized actions.

Recommendations: For DataRescue IDA Pro versions 5.0 through 5.1, consider disabling the processor request function until a patch is available to prevent unauthorized actions. Restrict access to the debugger server to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2007-1666

Affected Products

Datarescue Ida Pro

PT-2007-3039 · Datarescue · Datarescue Ida Pro

CVE-2007-1666

Weakness Enumeration

Related Identifiers

Affected Products

References · 9