Lucene search

[email protected]CVE-2009-0174

HistoryJan 20, 2009 - 4:00 p.m.

CVE-2009-0174

2009-01-2016:00:08

CWE-119

[email protected]

web.nvd.nist.gov

vuplayer

buffer overflow

remote code execution

cve-2009-0174

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9 High

AI Score

Confidence

High

0.135 Low

EPSS

Percentile

95.6%

JSON

Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a .asx file.

Affected configurations

NVD

Node

vuplayervuplayerMatch2.49

CPENameOperatorVersion
vuplayer:vuplayervuplayereq2.49

CPE	Name	Operator	Version
vuplayer:vuplayer	vuplayer	eq	2.49

References

securityreason.com/securityalert/4918

www.securityfocus.com/bid/33185

exchange.xforce.ibmcloud.com/vulnerabilities/47851

www.exploit-db.com/exploits/7709

www.exploit-db.com/exploits/7713

www.exploit-db.com/exploits/7714

www.exploit-db.com/exploits/7715

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9 High

AI Score

Confidence

High

0.135 Low

EPSS

Percentile

95.6%

JSON

Related for CVE-2009-0174

prion1 nvd1 cvelist1 openvas2