CVE-2008-4384

Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/32140	Vendor Advisory
http://www.kb.cert.org/vuls/id/848873	US Government Resource
http://www.securityfocus.com/bid/31604
http://www.vupen.com/english/advisories/2008/2749
https://exchange.xforce.ibmcloud.com/vulnerabilities/45699

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:iseemedia:lpviewer::::::::
	cpe:2.3:a:mgi_software:lpviewer::::::::
	cpe:2.3:a:roxio:lpviewer::::::::

History

No history.

Information

Published : 2008-10-07 20:00

Updated : 2024-02-28 11:21

NVD link : CVE-2008-4384

Mitre link : CVE-2008-4384

CVE.ORG link : CVE-2008-4384

JSON object : View

Products Affected

roxio

lpviewer

iseemedia

lpviewer

mgi_software

lpviewer

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2008-4384", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-10-07T20:00:17.280", "references": [{"url": "http://secunia.com/advisories/32140", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/848873", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/31604", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2749", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45699", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en el control ActiveX MGI Software LPViewer (LPControl.dll), adquirido por Roxio y iseemedia, permite a los atacantes remoto ejecutar arbitrariamente c\u00f3digo, a trav\u00e9s de (1) url, (2) toolbar y (3) m\u00e9todos enableZoomPastMax ."}], "lastModified": "2017-08-08T01:32:36.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iseemedia:lpviewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F6D98F4-A143-4D58-AB55-189EFD7DF1EE"}, {"criteria": "cpe:2.3:a:mgi_software:lpviewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF5732B5-E262-4638-8B5B-5B751A2A94F1"}, {"criteria": "cpe:2.3:a:roxio:lpviewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F79B6C-9359-4A48-8206-CE8FA305338A"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}