Security Vulnerabilities, CVEs, Published In April 2007 (Code Execution)
The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.
Max CVSS: 10.0; EPSS Score: 1.79%; Published: 2007-04-30; Updated: 2011-03-08
Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
Max CVSS: 9.3; EPSS Score: 20.50%; Published: 2007-04-30; Updated: 2019-04-30
Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.
Max CVSS: 7.4; EPSS Score: 91.49%; Published: 2007-04-30; Updated: 2017-10-11
Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.
Max CVSS: 9.3; EPSS Score: 42.80%; Published: 2007-04-30; Updated: 2017-10-11
Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.
Max CVSS: 8.5; EPSS Score: 4.98%; Published: 2007-04-30; Updated: 2017-10-11
Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.
Max CVSS: 9.0; EPSS Score: 9.30%; Published: 2007-04-30; Updated: 2017-07-29
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
Max CVSS: 6.8; EPSS Score: 4.37%; Published: 2007-04-30; Updated: 2022-02-07
Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed.
Max CVSS: 10.0; EPSS Score: 2.34%; Published: 2007-04-30; Updated: 2018-10-16
Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2007-04-30; Updated: 2017-07-29
Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.
Max CVSS: 7.5; EPSS Score: 36.09%; Published: 2007-04-27; Updated: 2011-03-08
Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo Home Theater 2.1.13.0 and 2.5.13.58 allow remote attackers to execute arbitrary code via a long string argument to the (1) GetDiscType or (2) AddFileList method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 10.0; EPSS Score: 4.84%; Published: 2007-04-27; Updated: 2017-07-29
Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.
Max CVSS: 9.3; EPSS Score: 3.34%; Published: 2007-04-26; Updated: 2008-11-13
Integer overflow in the FlipFileTypeAtom_BtoN function in Apple QuickTime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file.
Max CVSS: 9.3; EPSS Score: 82.01%; Published: 2007-04-26; Updated: 2017-07-29
Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple QuickTime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.
Max CVSS: 9.3; EPSS Score: 55.50%; Published: 2007-04-26; Updated: 2017-07-29
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
Max CVSS: 7.6; EPSS Score: 95.63%; Published: 2007-04-26; Updated: 2018-10-16
Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file.
Max CVSS: 9.3; EPSS Score: 17.14%; Published: 2007-04-26; Updated: 2017-10-11
Buffer overflow in Fresh View 7.15 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file.
Max CVSS: 9.3; EPSS Score: 17.14%; Published: 2007-04-26; Updated: 2017-10-11
Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.
Max CVSS: 9.3; EPSS Score: 12.37%; Published: 2007-04-25; Updated: 2017-10-11
Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources.
Max CVSS: 6.8; EPSS Score: 19.25%; Published: 2007-04-24; Updated: 2017-10-11
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
Max CVSS: 10.0; EPSS Score: 26.27%; Published: 2007-04-24; Updated: 2017-10-11
CVE-2007-2193
Public exploit
Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
Max CVSS: 9.3; EPSS Score: 94.07%; Published: 2007-04-24; Updated: 2017-10-11
Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.
Max CVSS: 9.3; EPSS Score: 16.74%; Published: 2007-04-24; Updated: 2017-10-11
Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926.
Max CVSS: 10.0; EPSS Score: 9.76%; Published: 2007-04-24; Updated: 2017-10-11
Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS: 6.8; EPSS Score: 9.88%; Published: 2007-04-24; Updated: 2011-03-08
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript errors. NOTE: this might be the same issue as CVE-2007-2175.
Max CVSS: 10.0; EPSS Score: 1.03%; Published: 2007-04-24; Updated: 2008-11-13