Lucene search

[email protected]CVE-2008-3877

HistorySep 02, 2008 - 3:41 p.m.

CVE-2008-3877

2008-09-0215:41:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-3877

acoustica mixcraft

buffer overflow

arbitrary code execution

user-assisted attackers

.mx4 file

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.1%

JSON

Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 Build 98 allows user-assisted attackers to execute arbitrary code via a crafted .mx4 file. NOTE: it was later reported that version 3 is also affected.

Affected configurations

NVD

Node

acousticamixcraftMatch3.0

acousticamixcraftMatch4.1

acousticamixcraftMatch4.2

CPENameOperatorVersion
acoustica:mixcraftacoustica mixcrafteq3.0
acoustica:mixcraftacoustica mixcrafteq4.1
acoustica:mixcraftacoustica mixcrafteq4.2

CPE	Name	Operator	Version
acoustica:mixcraft	acoustica mixcraft	eq	3.0
acoustica:mixcraft	acoustica mixcraft	eq	4.1
acoustica:mixcraft	acoustica mixcraft	eq	4.2

References

secunia.com/advisories/31595

securityreason.com/securityalert/4199

www.securityfocus.com/bid/30879

www.securityfocus.com/bid/33012

exchange.xforce.ibmcloud.com/vulnerabilities/44751

www.exploit-db.com/exploits/6322

www.exploit-db.com/exploits/7577

Social References

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.1%

JSON

Related for CVE-2008-3877

nvd1 prion1 cvelist1