Vulnerability Description
Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Uitv | Uiplayer | All versions |
| Baidu | Baidux | All versions |
Related Weaknesses (CWE)
References
- http://www.nsfocus.com/en/advisories/0901.html
- http://www.securityfocus.com/archive/1/507236/100/0/threaded
- http://www.nsfocus.com/en/advisories/0901.html
- http://www.securityfocus.com/archive/1/507236/100/0/threaded
FAQ
What is CVE-2009-2970?
CVE-2009-2970 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execu...
How severe is CVE-2009-2970?
CVE-2009-2970 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2970?
Check the references section above for vendor advisories and patch information. Affected products include: Uitv Uiplayer, Baidu Baidux.