CVE-2007-4375

Diskeeper 9 - Info Disclosure/DoS

Description

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Pravus · c++ · remote · windows
https://www.exploit-db.com/exploits/4292

Scores

EPSS 0.1349
EPSS Percentile 94.2%

Details

Status published
Products (2)
diskeeper/diskeeper 9
diskeeper/diskeeper 2007
Published Aug 16, 2007
Tracked Since Feb 18, 2026