CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-4983

Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.183

EPSS Ranking 94.9%

CVSS Severity

CVSS v2 Score 10.0

References

http://osvdb.org/37737
http://secunia.com/advisories/26787
http://www.securityfocus.com/bid/25723
http://www.securitytracker.com/id?1018716
http://www.vupen.com/english/advisories/2007/3196
https://exchange.xforce.ibmcloud.com/vulnerabilities/36693
https://www.exploit-db.com/exploits/4427
http://osvdb.org/37737
http://secunia.com/advisories/26787
http://www.securityfocus.com/bid/25723
http://www.securitytracker.com/id?1018716
http://www.vupen.com/english/advisories/2007/3196
https://exchange.xforce.ibmcloud.com/vulnerabilities/36693
https://www.exploit-db.com/exploits/4427

Products affected by CVE-2007-4983

Cowon America » Jetaudio » Version: 7.0.3.3016

cpe:2.3:a:cowon_america:jetaudio:7.0.3.3016
Cowon America » Jetaudio » Version: 7.0.3_basic

cpe:2.3:a:cowon_america:jetaudio:7.0.3_basic

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-4983

Products

Pricing

Contact Us