9.3
CVE-2007-4939
- EPSS 11.91%
- Veröffentlicht 18.09.2007 19:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginHeap-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with an "indx truck size" of 0xffffffff, and certain wLongsPerEntry and nEntriesInuse values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Guliverkli ≫ Media Player Classic Version <= 6.4.9.0
Verycd ≫ Stormplayer Version1.0.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.91% | 0.956 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://securityreason.com/securityalert/3144
http://www.securityfocus.com/archive/1/479222/100/0/threaded
http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt
http://secunia.com/advisories/26806
http://secunia.com/advisories/26807
http://secunia.com/advisories/26808
http://www.securityfocus.com/bid/25650
http://www.vupen.com/english/advisories/2007/3140
http://www.vupen.com/english/advisories/2007/3141
http://www.vupen.com/english/advisories/2007/3142
https://exchange.xforce.ibmcloud.com/vulnerabilities/36583