Mitboy

Name of the Vulnerable Software and Affected Versions: Baofeng Storm versions 3.9.4.27 and prior, including versions 3.09.04.17 and earlier Description: The issue is related to a stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control. This can be exploited by providing a long argument to the `OnBeforeVideoDownload` method, allowing remote attackers to execute arbitrary code. There have been reports of this issue being exploited in the wild in April and May 2009. Recommendations: For versions 3.9.4.27 and prior, including 3.09.04.17 and earlier, consider disabling the `OnBeforeVideoDownload` method as a temporary workaround until a patch is available. Restrict access to the MPS.StormPlayer.1 ActiveX control to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.