CVE-2008-4384 — HIGH (9.3) — White Hats Nepal

Vulnerability Description

Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Iseemedia	Lpviewer	All versions
Mgi Software	Lpviewer	All versions
Roxio	Lpviewer	All versions

Related Weaknesses (CWE)

CWE-119

References

http://secunia.com/advisories/32140Vendor Advisory
http://www.kb.cert.org/vuls/id/848873US Government Resource
http://www.securityfocus.com/bid/31604
http://www.vupen.com/english/advisories/2008/2749
https://exchange.xforce.ibmcloud.com/vulnerabilities/45699
http://secunia.com/advisories/32140Vendor Advisory
http://www.kb.cert.org/vuls/id/848873US Government Resource
http://www.securityfocus.com/bid/31604
http://www.vupen.com/english/advisories/2008/2749
https://exchange.xforce.ibmcloud.com/vulnerabilities/45699

FAQ

What is CVE-2008-4384?

CVE-2008-4384 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2...

How severe is CVE-2008-4384?

CVE-2008-4384 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-4384?

Check the references section above for vendor advisories and patch information. Affected products include: Iseemedia Lpviewer, Mgi Software Lpviewer, Roxio Lpviewer.