Motive Service Activation Manager And Service Manager Remote Code Execution Vulnerabilities
BID:25312
Info
Motive Service Activation Manager And Service Manager Remote Code Execution Vulnerabilities
| Bugtraq ID: | 25312 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-0319 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 14 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | The vendor reported these issues. The fix for these issues was coordinated with Microsoft. |
| Vulnerable: |
Motive Incorporated Service Activation Manager 5.1 Motive Incorporated Self Service Manager 5.1 |
| Not Vulnerable: | |
Discussion
Motive Service Activation Manager And Service Manager Remote Code Execution Vulnerabilities
Motive Service Activation Manager and Service Manager are prone to multiple remote code-execution vulnerabilities.
An attacker may exploit these issues by enticing victims into opening a maliciously crafted HTML document.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
Motive Service Activation Manager and Service Manager are prone to multiple remote code-execution vulnerabilities.
An attacker may exploit these issues by enticing victims into opening a maliciously crafted HTML document.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
Exploit / POC
Motive Service Activation Manager And Service Manager Remote Code Execution Vulnerabilities
Currently we are not aware of any working exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Motive Service Activation Manager And Service Manager Remote Code Execution Vulnerabilities
Solution:
The vendor released an update to address these issues. Please see the references for more information.
Solution:
The vendor released an update to address these issues. Please see the references for more information.
References
Motive Service Activation Manager And Service Manager Remote Code Execution Vulnerabilities
References:
References:
- Microsoft Support Document 240797 (Microsoft)
- Motive Incorporated Home Page (Motive Incorporated)
- Vulnerability Note VU#747233 (US-CERT)
- Microsoft Security Bulletin MS07-045 (Microsoft)
- Motive Security Bulletin August 12 2007 version 1 (Motive Incorporated)