CVE-2007-4375

critical

Description

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36008

https://exchange.xforce.ibmcloud.com/vulnerabilities/36007

http://www.securityfocus.com/bid/25320

http://www.securityfocus.com/archive/1/476954/100/0/threaded

http://securityreason.com/securityalert/3018

http://secunia.com/advisories/26431

http://osvdb.org/39547

http://osvdb.org/39546

Details

Source: Mitre, NVD

Published: 2007-08-16

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: Critical

EPSS

EPSS: 0.03384