Lucene search

[email protected]CVE-2007-5064

HistorySep 24, 2007 - 10:17 p.m.

CVE-2007-5064

2007-09-2422:17:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-5064

buffer overflow

xunlei web thunder

activex control

remote code execution

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.244 Low

EPSS

Percentile

96.6%

JSON

Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

xunleiweb_thunderMatch5.6.9.344

CPENameOperatorVersion
xunlei:web_thunderxunlei web thundereq5.6.9.344

CPE	Name	Operator	Version
xunlei:web_thunder	xunlei web thunder	eq	5.6.9.344

References

1v1.name/show-283-1.html

osvdb.org/37777

secunia.com/advisories/26964

www.securityfocus.com/bid/25751

www.vupen.com/english/advisories/2007/3309

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.244 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2007-5064

cvelist1 nvd1 prion1