Vulnerability Description
Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Interactual Technologies | Interactual Player | 2.60.12.0717 |
| Roxio | Cineplayer | 3.2 |
References
- http://osvdb.org/37717
- http://osvdb.org/37718
- http://secunia.com/advisories/25718Vendor Advisory
- http://secunia.com/advisories/25739Vendor Advisory
- http://www.kb.cert.org/vuls/id/470913US Government Resource
- http://www.kb.cert.org/vuls/id/916897US Government Resource
- http://www.securityfocus.com/bid/24919
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35423
- http://osvdb.org/37717
- http://osvdb.org/37718
- http://secunia.com/advisories/25718Vendor Advisory
- http://secunia.com/advisories/25739Vendor Advisory
- http://www.kb.cert.org/vuls/id/470913US Government Resource
- http://www.kb.cert.org/vuls/id/916897US Government Resource
FAQ
What is CVE-2007-3829?
CVE-2007-3829 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE...
How severe is CVE-2007-3829?
CVE-2007-3829 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3829?
Check the references section above for vendor advisories and patch information. Affected products include: Interactual Technologies Interactual Player, Roxio Cineplayer.