Vulnerability Description
Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Interactual Technologies | Interactual Player | 2.60.12.0717 |
| Intervideo | Windvd | 7.0.27.172 |
| Roxio | Cineplayer | 3.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/34314
- http://osvdb.org/34315
- http://secunia.com/advisories/23032Vendor Advisory
- http://secunia.com/advisories/23075Vendor Advisory
- http://secunia.com/advisories/24556Vendor Advisory
- http://secunia.com/secunia_research/2007-37/advisory/Vendor Advisory
- http://www.kb.cert.org/vuls/id/922969US Government Resource
- http://www.securityfocus.com/archive/1/463405/100/0/threaded
- http://www.securityfocus.com/bid/23071
- http://www.vupen.com/english/advisories/2007/1042Vendor Advisory
- http://www.vupen.com/english/advisories/2007/1043Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33186
- http://osvdb.org/34314
- http://osvdb.org/34315
- http://secunia.com/advisories/23032Vendor Advisory
FAQ
What is CVE-2007-0348?
CVE-2007-0348 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote ...
How severe is CVE-2007-0348?
CVE-2007-0348 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0348?
Check the references section above for vendor advisories and patch information. Affected products include: Interactual Technologies Interactual Player, Intervideo Windvd, Roxio Cineplayer.