CVE-2007-5657

Published: Jan 16, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.

Affected (3)

Products: Tibco: Rtworks, Smartsockets Rtserver, Enterprise Message Service

Tibco

3 products

Rtworks

Smartsockets Rtserver

Enterprise Message Service

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Tibco Rtworks	Up to 4.0.3
Tibco Smartsockets Rtserver	Up to 6.8.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Enterprise Message Service	All versions

Running on/with	Platform Versions
Tibco Ems Server	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (20)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640

Source: cve@mitre.org

http://secunia.com/advisories/28490

Source: cve@mitre.org

http://securitytracker.com/id?1019193

Source: cve@mitre.org

http://www.securityfocus.com/bid/27295

Source: cve@mitre.org

http://www.tibco.com/mk/advisory.jsp

Source: cve@mitre.org

http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt

Source: cve@mitre.org

http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt

Source: cve@mitre.org

http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0173

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/39707

Source: cve@mitre.org

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640