Vulnerability Description
Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Media Player allows remote attackers to execute arbitrary code via a long argument to the UploadLogs method, a different vector than CVE-2007-4722. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Move Networks Inc | Move Media Player | All versions |
| Move Networks Inc | Qunatum Streaming Player | 7.7.4_39 |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060460.html
- http://secunia.com/advisories/29108Vendor Advisory
- http://www.securityfocus.com/bid/27995
- http://www.vupen.com/english/advisories/2008/0684
- https://www.exploit-db.com/exploits/5190
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060460.html
- http://secunia.com/advisories/29108Vendor Advisory
- http://www.securityfocus.com/bid/27995
- http://www.vupen.com/english/advisories/2008/0684
- https://www.exploit-db.com/exploits/5190
FAQ
What is CVE-2008-1044?
CVE-2008-1044 is a vulnerability with a CVSS score of 7.5 (HIGH). Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Medi...
How severe is CVE-2008-1044?
CVE-2008-1044 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1044?
Check the references section above for vendor advisories and patch information. Affected products include: Move Networks Inc Move Media Player, Move Networks Inc Qunatum Streaming Player.