Lucene search

[email protected]CVE-2007-3829

HistoryJul 17, 2007 - 9:30 p.m.

CVE-2007-3829

2007-07-1721:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3829

buffer overflow

interactual player

roxio cineplayer

remote code execution

activex control

iamce.dll

iakey.dll

nvd

7.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.296 Low

EPSS

Percentile

96.9%

JSON

Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CPENameOperatorVersion
roxio:cineplayerroxio cineplayereq3.2
interactual_technologies:interactual_playerinteractual technologies interactual playereq2.60.12.0717

CPE	Name	Operator	Version
roxio:cineplayer	roxio cineplayer	eq	3.2
interactual_technologies:interactual_player	interactual technologies interactual player	eq	2.60.12.0717

References

osvdb.org/37717

osvdb.org/37718

secunia.com/advisories/25718

secunia.com/advisories/25739

www.kb.cert.org/vuls/id/470913

www.kb.cert.org/vuls/id/916897

www.securityfocus.com/bid/24919

exchange.xforce.ibmcloud.com/vulnerabilities/35422

exchange.xforce.ibmcloud.com/vulnerabilities/35423

Social References

7.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.296 Low

EPSS

Percentile

96.9%

JSON

Related for CVE-2007-3829

cert2 prion1 kaspersky1