CVE-2008-4664

Опубликовано: 22 окт. 2008

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third party information.

Комментарий

Version 2.1.5 of QVOD Player does not exist. The correct version is 2.5.1.

Ссылки

http://hi.baidu.com/muma_reader/blog/item/46bd0d7a04eb75e92f73b36e.html
http://secunia.com/advisories/28494
Patch
Vendor Advisory
http://www.securityfocus.com/bid/27271
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/39675
http://hi.baidu.com/muma_reader/blog/item/46bd0d7a04eb75e92f73b36e.html
http://secunia.com/advisories/28494
Patch
Vendor Advisory
http://www.securityfocus.com/bid/27271
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/39675

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:qvod:qvod_player:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:qvod:qvod_player:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:qvod:qvod_player:2.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.15435

Средний

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-3744-83r8-h28m

github

больше 3 лет назад