CVE-2007-2564

Name of the Vulnerable Software and Affected Versions Sienzo Digital Music Mentor (DMM) version 2.6.0.4

Description The issue is related to multiple stack-based buffer overflows in the DSKernel2.dll ActiveX control. This allows remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function.

Recommendations For version 2.6.0.4, as a temporary workaround, consider disabling the LockModules and UnlockModule functions until a patch is available. Restrict access to the DSKernel2.dll ActiveX control to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.