Vulnerability Details CVE-2007-0348
Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.743
EPSS Ranking 98.8%
CVSS Severity
CVSS v2 Score 9.3
References
- http://osvdb.org/34314
- http://osvdb.org/34315
- http://secunia.com/advisories/23032
- http://secunia.com/advisories/23075
- http://secunia.com/advisories/24556
- http://secunia.com/secunia_research/2007-37/advisory/
- http://www.kb.cert.org/vuls/id/922969
- http://www.securityfocus.com/archive/1/463405/100/0/threaded
- http://www.securityfocus.com/bid/23071
- http://www.vupen.com/english/advisories/2007/1042
- http://www.vupen.com/english/advisories/2007/1043
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33186
- http://osvdb.org/34314
- http://osvdb.org/34315
- http://secunia.com/advisories/23032
- http://secunia.com/advisories/23075
- http://secunia.com/advisories/24556
- http://secunia.com/secunia_research/2007-37/advisory/
- http://www.kb.cert.org/vuls/id/922969
- http://www.securityfocus.com/archive/1/463405/100/0/threaded
- http://www.securityfocus.com/bid/23071
- http://www.vupen.com/english/advisories/2007/1042
- http://www.vupen.com/english/advisories/2007/1043
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33186
Products affected by CVE-2007-0348
-
cpe:2.3:a:interactual_technologies:interactual_player:2.60.12.0717
-
cpe:2.3:a:intervideo:windvd:7.0.27.172
-
cpe:2.3:a:roxio:cineplayer:3.2