Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-2964

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-31 May, 2007 | 23:00
Updated At-07 Aug, 2024 | 13:57
Rejected At-
Credits

The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:31 May, 2007 | 23:00
Updated At:07 Aug, 2024 | 13:57
Rejected At:
▼CVE Numbering Authority (CNA)

The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1018149
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/25449
third-party-advisory
x_refsource_SECUNIA
http://www.f-secure.com/security/fsc-2007-4.shtml
x_refsource_CONFIRM
http://www.securityfocus.com/bid/24233
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/34584
vdb-entry
x_refsource_XF
http://www.vupen.com/english/advisories/2007/1986
vdb-entry
x_refsource_VUPEN
http://osvdb.org/36723
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securitytracker.com/id?1018149
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/25449
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.f-secure.com/security/fsc-2007-4.shtml
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/24233
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/34584
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.vupen.com/english/advisories/2007/1986
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://osvdb.org/36723
Resource:
vdb-entry
x_refsource_OSVDB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1018149
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/25449
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.f-secure.com/security/fsc-2007-4.shtml
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/24233
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/34584
vdb-entry
x_refsource_XF
x_transferred
http://www.vupen.com/english/advisories/2007/1986
vdb-entry
x_refsource_VUPEN
x_transferred
http://osvdb.org/36723
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securitytracker.com/id?1018149
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/25449
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.f-secure.com/security/fsc-2007-4.shtml
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/24233
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/34584
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/1986
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://osvdb.org/36723
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 May, 2007 | 23:30
Updated At:29 Jul, 2017 | 01:31

The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
F-Secure Corporation
f-secure
>>policy_manager>>Versions up to 7.00(inclusive)
cpe:2.3:a:f-secure:policy_manager:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/36723cve@mitre.org
N/A
http://secunia.com/advisories/25449cve@mitre.org
Patch
Vendor Advisory
http://www.f-secure.com/security/fsc-2007-4.shtmlcve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/bid/24233cve@mitre.org
N/A
http://www.securitytracker.com/id?1018149cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2007/1986cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/34584cve@mitre.org
N/A
Hyperlink: http://osvdb.org/36723
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/25449
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.f-secure.com/security/fsc-2007-4.shtml
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/24233
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1018149
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/1986
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/34584
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2022-28871
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 42.99%
||
7 Day CHG~0.00%
Published-25 Apr, 2022 | 10:14
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Action-Not Available
Vendor-Apple Inc.F-Secure CorporationMicrosoft Corporation
Product-windowsatlantmacosmac_os_xAll F-Secure Endpoint Protection products on Windows and Mac F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Internet Gatekeeper F-Secure Cloud Protection for Salesforce
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2004-0830
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.07% / 76.89%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange 6.21 and earlier, F-Secure Anti-Virus for Microsoft Exchange 6.01 and earlier, and F-Secure Internet Gatekeeper 6.32 and earlier allow remote attackers to cause a denial of service (service crash due to unhandled exception) via a certain malformed packet.

Action-Not Available
Vendor-n/aF-Secure Corporation
Product-f-secure_content_scanner_serverf-secure_anti-virusinternet_gatekeepern/a
CVE-2022-28874
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.66%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 10:28
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Denial-of-Service (DoS) Vulnerabilities

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Action-Not Available
Vendor-Apple Inc.F-Secure CorporationWithSecure CorporationMicrosoft Corporation
Product-linux_securitycloud_protection_for_salesforceelements_endpoint_protectionatlantelements_collaboration_protectionwindowsmacosF-Secure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security 64. F-Secure Atlant. WithSecure Cloud Protection for Salesforce & WithSecure Collaboration Protection
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40837
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-4.6||MEDIUM
EPSS-0.25% / 48.41%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 12:10
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) Vulnerability

A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.

Action-Not Available
Vendor-Apple Inc.F-Secure CorporationMicrosoft Corporation
Product-linux_securityelements_endpoint_protectionatlantelements_endpoint_detection_and_responsewindowssecurity_cloudmacosinternet_gatekeeperF-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper & F-Secure Security Cloud
CVE-2021-33600
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 58.10%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 09:06
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.

Action-Not Available
Vendor-F-Secure Corporation
Product-internet_gatekeeperF-Secure Internet Gatekeeper
CWE ID-CWE-617
Reachable Assertion
CVE-2021-33602
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 52.00%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 09:59
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) Vulnerability

A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.

Action-Not Available
Vendor-F-Secure Corporation
Product-atlantinternet_gatekeepercloud_protectionlinux_securityF-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant & F-Secure Cloud Protection for Salesforce
Details not found