4 matches found
UiPlayer UiCheck组件栈溢出漏洞
CVE ID: CVE-2009-2970 UiPlayer网络视频播放软件是联合网视(UITV)公司的视频播放软件。 UiPlayer的安装目录下的UiCheck.dll是一个ActiveX控件,该控件允许在IE中加载。UiCheck.dll提供了一个接口函数 GetUiDllVersion,该函数会把接收到的文件名参数拷贝到一个固定大小的缓冲区,如果文件名超长,就会导致栈溢出。 因为和百度等公司的合作,很多视频播放软件中也集成了UiPlayer,例如百度下吧等。 UiTV UiPlayer UiCheck.dll 1.0.0.6 Baidu BaiduV 临时解决方法:...
CVE-2009-2970
CVE-2009-2970 affects UiTV UiPlayer’s UiCheck.dll (ActiveX) prior to version 1.0.0.7. The GetUiDllVersion function copies the filename parameter into a fixed-size buffer, and long filenames trigger a stack-based buffer overflow. This could allow remote code execution via crafted input delivered t...
NSFOCUS SA2009-01 : UiTV UiPlayer UiCheck Component Stack Buffer Overflow Vulnerability
NSFOCUS Security Advisory SA2009-01 UiTV UiPlayer UiCheck Component Stack Buffer Overflow Vulnerability Release Date: 2009-10-16 CVE ID: CVE-2009-2970 http://www.nsfocus.com/en/advisories/0901.html Affected system: ============== UiTV UiPlayer UiCheck.dll 1.0.0.6 and prior versions Unaffected...
KLA10374 ACE vulnerability in UiTV UiPlayer
A buffer overflow was found in UiTV UiPlayer. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed filename parameter. Original advisories - Related products UiTV-UiPlayer CVE list CVE-2009-2970 critical...