CVE-2007-2564 - Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX contr

CVE-2007-2564

Summary

Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function.

References

http://moaxb.blogspot.com/2007_05_06_archive.html
http://osvdb.org/34338
http://www.securityfocus.com/bid/23838
http://www.shinnai.altervista.org/moaxb/20070506/sienzo.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/34120

Vulnerable Configurations

cpe:2.3:a:sienzo:digital_music_mentor:2.6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:sienzo:digital_music_mentor:2.6.0.4:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	23838
misc	http://moaxb.blogspot.com/2007_05_06_archive.html http://www.shinnai.altervista.org/moaxb/20070506/sienzo.txt
osvdb	34338
xf	sienzo-dmm-dskernel2-bo(34120)

Last major update

29-07-2017 - 01:31

Published

09-05-2007 - 18:19

Last modified

29-07-2017 - 01:31