Lucene search

[email protected]CVE-2007-2601

HistoryMay 11, 2007 - 10:19 a.m.

CVE-2007-2601

2007-05-1110:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2601

buffer overflow

activex control

gdivx zenith player avifixer

fix.dll

security vulnerability

8.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.098 Low

EPSS

Percentile

94.7%

JSON

Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value.

CPENameOperatorVersion
divx_city:gdivx_zenith_playerdivx city gdivx zenith playereq1.2
divx_city:gdivx_zenith_playerdivx city gdivx zenith playereq1.1

CPE	Name	Operator	Version
divx_city:gdivx_zenith_player	divx city gdivx zenith player	eq	1.2
divx_city:gdivx_zenith_player	divx city gdivx zenith player	eq	1.1

References

moaxb.blogspot.com/2007/05/moaxb-11-bonus-gdivx-zenith-player.html.

osvdb.org/36021

www.securityfocus.com/bid/23907

exchange.xforce.ibmcloud.com/vulnerabilities/34246

www.exploit-db.com/exploits/3889

8.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.098 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2007-2601

prion1