CVE-2008-1703
Published 2008-04-11
Priority: P3 44 | critical 9.3 | CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 4.76% (90.8th percentile)
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tibco | adapter_files_z_os | <= 4.4.1 | — |
| tibco | hawk | <= 4.8.0 | — |
| tibco | iprocess_engine | — | — |
| tibco | iprocess_engine | — | — |
| tibco | iprocess_engine | — | — |
| tibco | iprocess_engine | — | — |
| tibco | iprocess_engine | — | — |
| tibco | iprocess_engine | — | — |
| tibco | iprocess_engine | — | — |
| tibco | iprocess_engine | — | — |
| tibco | iprocess_engine | — | — |
| tibco | iprocess_engine | — | — |
| tibco | iprocess_engine | — | — |
| tibco | iprocess_engine | — | — |
| tibco | rendezvous | <= 8.10 | — |
| tibco | rendezvous_datasecurity | <= 2.1.6 | — |
| tibco | rendezvous_tx | <= 2.04 | — |
| tibco | runtime_agent | <= 5.5.4 | — |
| tibco | substantiation_es | <= 2.4.0 | — |
CVSS provenance
nvd: v2.0, 9.3 CRITICAL, AV:N/AC:M/Au:N/C:C/I:C/A:C
cisa: 7.8 HIGH
GHSA
GHSA-xcfq-6r83-fvm6: Multiple buffer overflows in TIBCO Software Rendezvous before 8
ghsa_unreviewed·2022-05-01
CVE-2008-1703 [HIGH] CWE-119 GHSA-xcfq-6r83-fvm6: Multiple buffer overflows in TIBCO Software Rendezvous before 8
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
CISA
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2017-8540 [HIGH] CWE-119 Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Vulnerability: Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Affected: Microsoft Malware Protection Engine
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-8540
Remediation Due Date: 2022-03-24
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://secunia.com/advisories/29774
http://www.osvdb.org/44269
http://www.securityfocus.com/bid/28717
http://www.securitytracker.com/id?1019826
http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt
http://www.vupen.com/english/advisories/2008/1189/references
http://www.vupen.com/english/advisories/2008/1190/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41760
Published: 2008-04-11