CVE-2007-2137 - Heap Buffer Overflow vulnerability in IBM Tivoli Monitoring Express 6.1.0
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://secunia.com/advisories/24938
- http://securityreason.com/securityalert/2597
- http://www.securityfocus.com/archive/1/466216/100/0/threaded
- http://www.securityfocus.com/bid/23558
- http://www.securitytracker.com/id?1017933
- http://www.vupen.com/english/advisories/2007/1456
- http://www.zerodayinitiative.com/advisories/ZDI-07-018.html
- http://www-1.ibm.com/support/docview.wss?uid=swg24012341
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33746