ID

VAR-200703-0462


CVE

CVE-2007-1557


TITLE

Denial-of-service (DoS) vulnerability in F-Secure Anti-Virus Client Security

Trust: 0.8

sources: JVNDB: JVNDB-2007-001719

DESCRIPTION

Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page. F-Secure Anti-Virus Client Security is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function. Successfully exploiting this vulnerability may allow an attacker to access sensitive process memory or to crash the application. Code execution may potentially be possible, but this has not been confirmed. F-Secure Anti-Virus Client Security is a real-time virus monitoring and protection system on the PC platform, supporting all Windows systems.

Trust: 1.98

sources: NVD: CVE-2007-1557 // JVNDB: JVNDB-2007-001719 // BID: 23023 // VULHUB: VHN-24919

AFFECTED PRODUCTS

vendor: f secure, model: f-secure anti-virus, scope: eq, version: 6.02

Trust: 1.6

vendor: f secure, model: f-secure anti-virus, scope: eq, version: client security 6.02

Trust: 0.8

vendor: f secure, model: anti-virus client security, scope: eq, version: 6.03

Trust: 0.3

vendor: f secure, model: anti-virus client security, scope: eq, version: 6.02

Trust: 0.3

sources: BID: 23023 // JVNDB: JVNDB-2007-001719 // CNNVD: CNNVD-200703-440 // NVD: CVE-2007-1557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1557
value: HIGH

Trust: 1.0

NVD: CVE-2007-1557
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200703-440
value: HIGH

Trust: 0.6

VULHUB: VHN-24919
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-1557
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-24919
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-24919 // JVNDB: JVNDB-2007-001719 // CNNVD: CNNVD-200703-440 // NVD: CVE-2007-1557

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1557

THREAT TYPE

local

Trust: 0.9

sources: BID: 23023 // CNNVD: CNNVD-200703-440

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200703-440

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001719

PATCH

title: Top Page, url: http://www.f-secure.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001719

EXTERNAL IDS

db: NVD, id: CVE-2007-1557

Trust: 2.5

db: BID, id: 23023

Trust: 2.0

db: VUPEN, id: ADV-2007-1055

Trust: 1.7

db: OSVDB, id: 34764

Trust: 1.7

db: SREASON, id: 2472

Trust: 1.7

db: JVNDB, id: JVNDB-2007-001719

Trust: 0.8

db: CNNVD, id: CNNVD-200703-440

Trust: 0.7

db: BUGTRAQ, id: 20070319 LAYERED DEFENSE RESEARCH ADVISORY: F-SECURE ANTI-VIRUS CLIENT SECURITY 6.02 FORMAT STRING VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-24919

Trust: 0.1

sources: VULHUB: VHN-24919 // BID: 23023 // JVNDB: JVNDB-2007-001719 // CNNVD: CNNVD-200703-440 // NVD: CVE-2007-1557

REFERENCES

url:http://www.securityfocus.com/bid/23023

Trust: 1.7

url:http://www.layereddefense.com/f-securemar18.html

Trust: 1.7

url:http://osvdb.org/34764

Trust: 1.7

url:http://securityreason.com/securityalert/2472

Trust: 1.7

url:http://www.securityfocus.com/archive/1/463190/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/1055

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1557

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1557

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/463190/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/1055

Trust: 0.6

url:http://www.f-secure.com/cs/

Trust: 0.3

url:http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-cs-hotfixes.shtml

Trust: 0.3

url:/archive/1/463190

Trust: 0.3

sources: VULHUB: VHN-24919 // BID: 23023 // JVNDB: JVNDB-2007-001719 // CNNVD: CNNVD-200703-440 // NVD: CVE-2007-1557

CREDITS

Deral Heiland (http://www.layereddefense.com/)

Trust: 0.6

sources: CNNVD: CNNVD-200703-440

SOURCES

db: VULHUB, id: VHN-24919
db: BID, id: 23023
db: JVNDB, id: JVNDB-2007-001719
db: CNNVD, id: CNNVD-200703-440
db: NVD, id: CVE-2007-1557

LAST UPDATE DATE

2025-04-10T23:24:25.671000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-24919, date: 2018-10-16T00:00:00
db: BID, id: 23023, date: 2007-03-19T21:24:00
db: JVNDB, id: JVNDB-2007-001719, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200703-440, date: 2007-03-22T00:00:00
db: NVD, id: CVE-2007-1557, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-24919, date: 2007-03-21T00:00:00
db: BID, id: 23023, date: 2007-03-19T00:00:00
db: JVNDB, id: JVNDB-2007-001719, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200703-440, date: 2007-03-20T00:00:00
db: NVD, id: CVE-2007-1557, date: 2007-03-21T01:19:00