Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2938 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ademco Atnbaseloader100 Module

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

57.0%

top 1.86%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Honeywell Ademco Atnbaseloader100 Module Microsoft Internet Explorer

Timeline

PublishedMay 31

Latest updateMay 1

Description

Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDhoneywell/ademco_atnbaseloader100_module5.4.0.6

▶NVDmicrosoft/internet_explorer6

🔴Vulnerability Details

GHSA

GHSA-r8g9-4v2m-5v25: Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 6 / Ademco co. ltd. ATNBaseLoader100 Module - Remote Buffer Overflow↗2007-05-26

▶