PT-2007-5940 · Transperfect · Globallink

Void · Published 2007-09-11 · Updated 2017-09-29 · CVE-2007-4802

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: GlobalLink version 2.7.0.8
Description: The issue is related to multiple heap-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved through a long eighth argument to the SetInfo method in a certain ActiveX control in glItemCom.dll or a long second argument to the SetClientInfo method in a certain ActiveX control in glitemflat.dll.
Recommendations: For GlobalLink version 2.7.0.8, consider disabling the SetInfo and SetClientInfo methods in the affected ActiveX controls until a patch is available. Restrict access to the glItemCom.dll and glitemflat.dll modules to minimize the risk of exploitation. Avoid using long arguments in the SetInfo and SetClientInfo methods until the issue is resolved.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2007-4802

Affected Products: Globallink