PT-2007-1819 · Intervideo+2 · Windvd+2

Published

2007-03-21

Updated

2018-10-16

CVE-2007-0348

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: InterActual Player version 2.60.12.0717 Roxio CinePlayer version 3.2 WinDVD version 7.0.27.172

Description: The issue is a stack-based buffer overflow in the IASystemInfo.dll ActiveX control. This allows remote attackers to execute arbitrary code via a long ApplicationType property.

Recommendations: For InterActual Player version 2.60.12.0717, consider disabling the IASystemInfo.dll ActiveX control until a patch is available. For Roxio CinePlayer version 3.2, restrict access to the IASystemInfo.dll ActiveX control to minimize the risk of exploitation. For WinDVD version 7.0.27.172, avoid using the ApplicationType property in the affected ActiveX control until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2007-0348

Affected Products

Interactual Player

Roxio Cineplayer

Windvd

PT-2007-1819 · Intervideo+2 · Windvd+2

CVE-2007-0348

Weakness Enumeration

Related Identifiers

Affected Products

References · 15