Lucene search

[email protected]CVE-2008-4384

HistoryOct 07, 2008 - 8:00 p.m.

CVE-2008-4384

2008-10-0720:00:17

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-4384

buffer overflow

mgi software

lpviewer

activex

remote code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.611 Medium

EPSS

Percentile

97.8%

JSON

Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.

Affected configurations

NVD

Node

iseemedialpviewer

mgi_softwarelpviewer

roxiolpviewer

CPENameOperatorVersion
iseemedia:lpvieweriseemedia lpviewereq*
mgi_software:lpviewermgi software lpviewereq*
roxio:lpviewerroxio lpviewereq*

CPE	Name	Operator	Version
iseemedia:lpviewer	iseemedia lpviewer	eq	*
mgi_software:lpviewer	mgi software lpviewer	eq	*
roxio:lpviewer	roxio lpviewer	eq	*

References

secunia.com/advisories/32140

www.kb.cert.org/vuls/id/848873

www.securityfocus.com/bid/31604

www.vupen.com/english/advisories/2008/2749

exchange.xforce.ibmcloud.com/vulnerabilities/45699

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.611 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2008-4384

packetstorm1 seebug1 cert1 saint4 prion1 nvd1 nessus1 checkpoint_advisories1 cvelist1