CVE-2007-3815

Name of the Vulnerable Software and Affected Versions: Poslovni informator Republike Slovenije (PIRS) version 2007

Description: The issue is related to a buffer overflow in the pirs32.exe component, which can be triggered by a long search string in certain fields of the GUI. This can cause a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. If PIRS is used by data-entry workers with limited access to the underlying Windows environment, this could lead to crossing privilege boundaries.

Recommendations: For PIRS version 2007, consider restricting the input length in search fields to prevent buffer overflow exploitation until a fix is available. As a temporary workaround, limit the use of the pirs32.exe component to minimize the risk of arbitrary code execution.