CVE-2007-0443 - Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow

CVE-2007-0443

Summary

Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters. The vendor has address this issue with the following information: http://www.gracenote.com/corporate/FAQs.html/faqset=update/page=0

References

Vulnerable Configurations

cpe:2.3:a:gracenote:cddbcontrol_activex_control:*:*:*:*:*:*:*:*
cpe:2.3:a:gracenote:cddbcontrol_activex_control:*:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 16-10-2018 - 16:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	23567
bugtraq	20070420 ZDI-07-021: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability
confirm	http://www.gracenote.com/corporate/FAQs.html/faqset=update/page=0
misc	http://www.zerodayinitiative.com/advisories/ZDI-07-021.html
osvdb	34327
sectrack	1017937
secunia	22924
vupen	ADV-2007-1475
xf	cddbcontrol-activex-bo(33773)

Last major update

16-10-2018 - 16:32

Published

24-04-2007 - 16:19

Last modified

16-10-2018 - 16:32