OpenCVE

Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Expression Media

Configuration 1 [-]

cpe:2.3:a:microsoft:expression_media:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/38486
http://secunia.com/advisories/27144
http://support.microsoft.com/kb/942109
http://www.securityfocus.com/bid/25996

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-16T00:00:00

Updated: 2024-08-07T15:31:59.061Z

Reserved: 2007-10-15T00:00:00

Link: CVE-2007-5470

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-10-16T00:17:00.000

Modified: 2024-11-21T00:37:58.133

Link: CVE-2007-5470

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-20T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-11-01T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27144", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27144"}, {"name": "942109", "tags": ["vendor-advisory", "x_refsource_MSKB"], "url": "http://support.microsoft.com/kb/942109"}, {"name": "25996", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25996"}, {"name": "38486", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38486"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5470", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27144", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27144"}, {"name": "942109", "refsource": "MSKB", "url": "http://support.microsoft.com/kb/942109"}, {"name": "25996", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25996"}, {"name": "38486", "refsource": "OSVDB", "url": "http://osvdb.org/38486"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:31:59.061Z"}, "title": "CVE Program Container", "references": [{"name": "27144", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27144"}, {"name": "942109", "tags": ["vendor-advisory", "x_refsource_MSKB", "x_transferred"], "url": "http://support.microsoft.com/kb/942109"}, {"name": "25996", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25996"}, {"name": "38486", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/38486"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5470", "datePublished": "2007-10-16T00:00:00", "dateReserved": "2007-10-15T00:00:00", "dateUpdated": "2024-08-07T15:31:59.061Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:expression_media:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9EF0FC1-25B7-4909-96DA-69BC897AA29C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file."}, {"lang": "es", "value": "Microsoft Expression Media almacena la contrase\u00f1a del cat\u00e1logo en texto en claro en el fichero de cat\u00e1logo IVC, lo cual permite a usuarios locales obtener informaci\u00f3n confidencial y obtener acceso al cat\u00e1logo al leer el fichero IVC."}], "id": "CVE-2007-5470", "lastModified": "2024-11-21T00:37:58.133", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-16T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/38486"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27144"}, {"source": "cve@mitre.org", "url": "http://support.microsoft.com/kb/942109"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27144"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/kb/942109"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25996"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}