CVE-2007-3829

{"id": "CVE-2007-3829", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-07-17T21:30:00.000", "references": [{"url": "http://osvdb.org/37717", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37718", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25718", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25739", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/470913", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/916897", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24919", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35422", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35423", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37717", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/37718", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25718", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25739", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/470913", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/916897", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/24919", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35422", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35423", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en (a) InterActual Player 2.60.12.0717 y (b) Roxio CinePlayer 3.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) un atributo largo FailURL en el control ActiveX IAMCE (IAMCE.dll) \u00f3 (2) un atributo largo URLCode en el control ActiveX IAKey (IAKey.dll).\r\nNOTA: El origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido solamente de informaci\u00f3n de terceros."}], "lastModified": "2024-11-21T00:34:09.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:interactual_technologies:interactual_player:2.60.12.0717:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0D4F3E4-8FF4-40D3-A15C-DD6BDE6B28E1"}, {"criteria": "cpe:2.3:a:roxio:cineplayer:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CFD17E2-8A0E-456D-B4EE-AC4BB443013B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}