CVE-2007-0111

Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://blog.trendmicro.com/flaw-in-3rd-party-app-weakens-windows-mobile/	Vendor Advisory
http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+Resco+Photo+Viewer+6%2E01+Enabling+Code+Injection+and+Arbitrary+Code+Execution	Vendor Advisory
http://www.securityfocus.com/bid/21920	Vendor Advisory
http://secunia.com/advisories/23658	Vendor Advisory
http://osvdb.org/32644
http://www.vupen.com/english/advisories/2007/0072

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:resco:photo_viewer:4.11:::::::*
	cpe:2.3:a:resco:photo_viewer:6.11:::::::*

Information

Published : 2007-01-08 16:28

Updated : 2011-03-07 18:48

NVD link : CVE-2007-0111

Mitre link : CVE-2007-0111

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

resco

photo_viewer

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://blog.trendmicro.com/flaw-in-3rd-party-app-weakens-windows-mobile/", "name": "http://blog.trendmicro.com/flaw-in-3rd-party-app-weakens-windows-mobile/", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+Resco+Photo+Viewer+6%2E01+Enabling+Code+Injection+and+Arbitrary+Code+Execution", "name": "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+Resco+Photo+Viewer+6%2E01+Enabling+Code+Injection+and+Arbitrary+Code+Execution", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/21920", "name": "21920", "tags": ["Vendor Advisory"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/23658", "name": "23658", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/32644", "name": "32644", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/0072", "name": "ADV-2007-0072", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-0111", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": true}}, "publishedDate": "2007-01-09T00:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:resco:photo_viewer:4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:resco:photo_viewer:6.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:48Z"}