Lucene search

[email protected]CVE-2007-4032

HistoryJul 27, 2007 - 10:30 p.m.

CVE-2007-4032

2007-07-2722:30:00

[email protected]

web.nvd.nist.gov

cve-2007-4032

buffer overflow

crystalplayer pro

arbitrary code execution

remote attackers

user-assisted

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

JSON

Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote attackers to execute arbitrary code via a long string in a .mls Playlist file.

Affected configurations

NVD

Node

crystal_reality_llccrystalplayer_proMatch1.98

CPENameOperatorVersion
crystal_reality_llc:crystalplayer_procrystal reality llc crystalplayer proeq1.98

CPE	Name	Operator	Version
crystal_reality_llc:crystalplayer_pro	crystal reality llc crystalplayer pro	eq	1.98

References

osvdb.org/38689

secunia.com/advisories/26198

www.securityfocus.com/bid/25083

exchange.xforce.ibmcloud.com/vulnerabilities/35625

www.exploit-db.com/exploits/4229

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2007-4032

cvelist1 nvd1 prion1