Lucene search

[email protected]NVD:CVE-2007-5064

HistorySep 24, 2007 - 10:17 p.m.

CVE-2007-5064

2007-09-2422:17:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.244

Percentile

96.6%

JSON

Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

xunleiweb_thunderMatch5.6.9.344

VendorProductVersionCPE
xunleiweb_thunder5.6.9.344cpe:2.3:a:xunlei:web_thunder:5.6.9.344:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xunlei	web_thunder	5.6.9.344	cpe:2.3:a:xunlei:web_thunder:5.6.9.344:::::::*

References

1v1.name/show-283-1.html

osvdb.org/37777

secunia.com/advisories/26964

www.securityfocus.com/bid/25751

www.vupen.com/english/advisories/2007/3309

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.244

Percentile

96.6%

JSON

Related for NVD:CVE-2007-5064

cvelist1 cve1 prion1 exploitdb1