Vulnerabilites related to baofeng - storm
CVE-2009-1612 (GCVE-0-2009-1612)
Vulnerability from cvelistv5
Published
2009-05-11 20:00
Modified
2024-08-07 05:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/8579 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/34789 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/34944 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.cisrt.org/enblog/read.php?245 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:33.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8579",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8579"
},
{
"name": "34789",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34789"
},
{
"name": "34944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34944"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cisrt.org/enblog/read.php?245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8579",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8579"
},
{
"name": "34789",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34789"
},
{
"name": "34944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34944"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cisrt.org/enblog/read.php?245"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8579",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8579"
},
{
"name": "34789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34789"
},
{
"name": "34944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34944"
},
{
"name": "http://www.cisrt.org/enblog/read.php?245",
"refsource": "MISC",
"url": "http://www.cisrt.org/enblog/read.php?245"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1612",
"datePublished": "2009-05-11T20:00:00",
"dateReserved": "2009-05-11T00:00:00",
"dateUpdated": "2024-08-07T05:20:33.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2617 (GCVE-0-2009-2617)
Vulnerability from cvelistv5
Published
2009-07-27 18:00
Modified
2024-09-16 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=full-disclosure&m=124624413120440&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/35512 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/35592 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=full-disclosure&m=124627617220913&w=2 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090628 Baofeng Media Player playlist stack overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=124624413120440\u0026w=2"
},
{
"name": "35512",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35512"
},
{
"name": "35592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35592"
},
{
"name": "20090629 Re: Baofeng Media Player playlist stack overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=124627617220913\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-07-27T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090628 Baofeng Media Player playlist stack overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=124624413120440\u0026w=2"
},
{
"name": "35512",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35512"
},
{
"name": "35592",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35592"
},
{
"name": "20090629 Re: Baofeng Media Player playlist stack overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=124627617220913\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090628 Baofeng Media Player playlist stack overflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=124624413120440\u0026w=2"
},
{
"name": "35512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35512"
},
{
"name": "35592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35592"
},
{
"name": "20090629 Re: Baofeng Media Player playlist stack overflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=124627617220913\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2617",
"datePublished": "2009-07-27T18:00:00Z",
"dateReserved": "2009-07-27T00:00:00Z",
"dateUpdated": "2024-09-16T18:39:51.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1807 (GCVE-0-2009-1807)
Vulnerability from cvelistv5
Published
2009-05-28 20:14
Modified
2024-08-07 05:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1392 | vdb-entry, x_refsource_VUPEN | |
| http://www.cisrt.org/enblog/read.php?245 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1392",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1392"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cisrt.org/enblog/read.php?245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1392",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1392"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cisrt.org/enblog/read.php?245"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1392",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1392"
},
{
"name": "http://www.cisrt.org/enblog/read.php?245",
"refsource": "MISC",
"url": "http://www.cisrt.org/enblog/read.php?245"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1807",
"datePublished": "2009-05-28T20:14:00",
"dateReserved": "2009-05-28T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4816 (GCVE-0-2007-4816)
Vulnerability from cvelistv5
Published
2007-09-11 19:00
Modified
2024-08-07 15:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/40491 | vdb-entry, x_refsource_OSVDB | |
| http://www.milw0rm.com/sploits/09082007-storm.zip | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36542 | vdb-entry, x_refsource_XF | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36543 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/26749 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36540 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/25601 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/4375 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.vupen.com/english/advisories/2007/3111 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40491"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.milw0rm.com/sploits/09082007-storm.zip"
},
{
"name": "baofeng-isdvdpath-bo(36542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36542"
},
{
"name": "baofeng-backimage-titleimage-bo(36543)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36543"
},
{
"name": "26749",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26749"
},
{
"name": "baofeng-mpsstormplayer-bo(36540)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36540"
},
{
"name": "25601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25601"
},
{
"name": "4375",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4375"
},
{
"name": "ADV-2007-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40491"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.milw0rm.com/sploits/09082007-storm.zip"
},
{
"name": "baofeng-isdvdpath-bo(36542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36542"
},
{
"name": "baofeng-backimage-titleimage-bo(36543)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36543"
},
{
"name": "26749",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26749"
},
{
"name": "baofeng-mpsstormplayer-bo(36540)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36540"
},
{
"name": "25601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25601"
},
{
"name": "4375",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4375"
},
{
"name": "ADV-2007-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40491",
"refsource": "OSVDB",
"url": "http://osvdb.org/40491"
},
{
"name": "http://www.milw0rm.com/sploits/09082007-storm.zip",
"refsource": "MISC",
"url": "http://www.milw0rm.com/sploits/09082007-storm.zip"
},
{
"name": "baofeng-isdvdpath-bo(36542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36542"
},
{
"name": "baofeng-backimage-titleimage-bo(36543)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36543"
},
{
"name": "26749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26749"
},
{
"name": "baofeng-mpsstormplayer-bo(36540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36540"
},
{
"name": "25601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25601"
},
{
"name": "4375",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4375"
},
{
"name": "ADV-2007-3111",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4816",
"datePublished": "2007-09-11T19:00:00",
"dateReserved": "2007-09-11T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4943 (GCVE-0-2007-4943)
Vulnerability from cvelistv5
Published
2007-09-18 19:00
Modified
2024-08-07 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/29274 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2007/3111 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:27.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29274"
},
{
"name": "ADV-2007-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-05-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29274"
},
{
"name": "ADV-2007-3111",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29274"
},
{
"name": "ADV-2007-3111",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4943",
"datePublished": "2007-09-18T19:00:00",
"dateReserved": "2007-09-18T00:00:00",
"dateUpdated": "2024-08-07T15:17:27.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-09-18 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:baofeng:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF4554F-843C-4575-9D51-477E389BB59F",
"versionEndIncluding": "2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en un cierto controlador ActiveX en sparser.dll en Baofeng Storm 2.8 y anteriores, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de ciertas entradas mal formadas en un grupo de argumentos desconocido o valores propios, una DLL diferente que CVE-2007-4816. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles proviene de terceras fuentes de informaci\u00f3n."
}
],
"id": "CVE-2007-4943",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-09-18T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29274"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3111"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-05-28 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:baofeng:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "562E2843-2197-4945-8141-DC06F55D6F30",
"versionEndIncluding": "3.09.04.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:2.7.9_8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F52CD8D-3166-4A06-BB43-B7DEE653FBDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:2.7.9_10:*:*:*:*:*:*:*",
"matchCriteriaId": "BD543322-FB0F-45E0-9E93-347425B470BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF09EE7-F241-4EDE-8266-FD2413C6E1AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "93399125-BFCD-4EEC-B187-3E89A8DB82D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Config.dll en productos Baofeng v3.09.04.17 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n llamando al m\u00e9todo SetAttributeValue, como se ha explotado libremente en Abril y Mayo de 2009."
}
],
"id": "CVE-2009-1807",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-05-28T20:30:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cisrt.org/enblog/read.php?245"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cisrt.org/enblog/read.php?245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1392"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-27 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:baofeng:storm:3.9.62:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAFC8B7-8A7B-4A60-93F6-CDA6413F1991",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en medialib.dll en BaoFeng Storm v 3.9.62, permite a atacantes remotos la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un nombre de ruta largo en el atributo \"source\" de un elemento \"item\" en un archivo de lista de reproducci\u00f3n .smpl."
}
],
"id": "CVE-2009-2617",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-27T18:30:00.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=124624413120440\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=124627617220913\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35592"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=124624413120440\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=124627617220913\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35512"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-05-11 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:baofeng:storm:2.7.9_8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F52CD8D-3166-4A06-BB43-B7DEE653FBDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:2.7.9_10:*:*:*:*:*:*:*",
"matchCriteriaId": "BD543322-FB0F-45E0-9E93-347425B470BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF09EE7-F241-4EDE-8266-FD2413C6E1AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "93399125-BFCD-4EEC-B187-3E89A8DB82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:3.9.3_25:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC200C6-F6EB-4F14-9D58-4112C8078B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:3.9.3_30:*:*:*:*:*:*:*",
"matchCriteriaId": "21F85752-B5F0-4360-AE95-ECC7B6F72BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:3.9.4_17:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C704D6-6BF0-4C71-8AB8-35FC13C80FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:3.9.4_27:*:*:*:*:*:*:*",
"matchCriteriaId": "5EEA74EA-14ED-4586-B437-FF92D21A0132",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el control ActiveX de MPS.StormPlayer.1 en la biblioteca mps.dll versi\u00f3n 3.9.4.27 en Storm de Baofeng, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un argumento largo en el m\u00e9todo OnBeforeVideoDownload, como se explot\u00f3 \u201cin the wild\u201d en abril y mayo de 2009. NOTA: algunos de estos datos fueron obtenidos de la informaci\u00f3n de terceros. NOTA: m\u00e1s tarde se inform\u00f3 que versiones 3.09.04.17 y anteriores tambi\u00e9n est\u00e1n afectadas."
}
],
"id": "CVE-2009-1612",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-05-11T20:30:00.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34944"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisrt.org/enblog/read.php?245"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/34789"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisrt.org/enblog/read.php?245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/34789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8579"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-11 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:baofeng:storm:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF09EE7-F241-4EDE-8266-FD2413C6E1AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:baofeng:storm:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "93399125-BFCD-4EEC-B187-3E89A8DB82D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en el control ActiveX BaoFeng2 storm en Mps.dll permiten a atacantes remotos tener impacto desconocido mediante un valor largo de (1) URL, (2) la propiedad backImage, o (3) la propiedad titleImage; (4) un primer argumento largo para el m\u00e9todo advancedOpen; un argumento largo para el m\u00e9todo (5)isDVDPath o (6)rawParse; o (7) un archivo .smpl con un atributo path (ruta) largo en un elemento item de una lista de reproducci\u00f3n (PlayList)."
}
],
"id": "CVE-2007-4816",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-11T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/40491"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26749"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.milw0rm.com/sploits/09082007-storm.zip"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25601"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3111"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36540"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36542"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36543"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/40491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.milw0rm.com/sploits/09082007-storm.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4375"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}