CVE-2007-6377
CVE-2007-6377
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (1 stars) — exploitation code widely available.
CVSS —EPSS 66.4%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
10 Dec 2007Metasploit module available
10 Dec 2007Public PoC
15 Dec 2007Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
Affected products
n/a · n/apublic PoCs found — 4
githubgithub.com/Nicoslo/Windows-exploitation-BadBlue-2.7-CVE-2007-6377★ 1cve_referencewww.exploit-db.com/exploits/4784unverifiedexploitdbwww.exploit-db.com/exploits/4715unverifiedexploitdbwww.exploit-db.com/exploits/16806unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://aluigi.altervista.org/adv/badblue-adv.txthttp://aluigi.altervista.org/poc/badbluebof.txthttp://osvdb.org/42416http://secunia.com/advisories/28031http://securityreason.com/securityalert/3448https://www.exploit-db.com/exploits/4784http://www.securityfocus.com/archive/1/484834/100/0/threadedhttp://www.securityfocus.com/bid/26803http://www.vupen.com/english/advisories/2007/4160