Vulnerability Description
Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlayerUrl property value. NOTE: some of these details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xunlei | Web Thunder | 5.7.4 |
Related Weaknesses (CWE)
References
- http://osvdb.org/39680
- http://secunia.com/advisories/27795Vendor Advisory
- http://www.nohack.cn/hacknews/20071119/1916.htmlExploit
- http://www.sebug.net/exploit/2575Exploit
- http://www.securityfocus.com/bid/26536
- http://www.vupen.com/english/advisories/2007/3982
- http://osvdb.org/39680
- http://secunia.com/advisories/27795Vendor Advisory
- http://www.nohack.cn/hacknews/20071119/1916.htmlExploit
- http://www.sebug.net/exploit/2575Exploit
- http://www.securityfocus.com/bid/26536
- http://www.vupen.com/english/advisories/2007/3982
FAQ
What is CVE-2007-6144?
CVE-2007-6144 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlaye...
How severe is CVE-2007-6144?
CVE-2007-6144 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6144?
Check the references section above for vendor advisories and patch information. Affected products include: Xunlei Web Thunder.