CVE-2007-2137

critical

Description

Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33746

http://www.zerodayinitiative.com/advisories/ZDI-07-018.html

http://www.vupen.com/english/advisories/2007/1456

http://www.securitytracker.com/id?1017933

http://www.securityfocus.com/bid/23558

http://www.securityfocus.com/archive/1/466216/100/0/threaded

http://www-1.ibm.com/support/docview.wss?uid=swg24012341

http://securityreason.com/securityalert/2597

http://secunia.com/advisories/24938

Details

Source: Mitre, NVD

Published: 2007-04-22

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.07735