CVE-2008-4384

{"id": "CVE-2008-4384", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-10-07T20:00:17.280", "references": [{"url": "http://secunia.com/advisories/32140", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/848873", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/31604", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2749", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45699", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/32140", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/848873", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/31604", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/2749", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45699", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en el control ActiveX MGI Software LPViewer (LPControl.dll), adquirido por Roxio y iseemedia, permite a los atacantes remoto ejecutar arbitrariamente c\u00f3digo, a trav\u00e9s de (1) url, (2) toolbar y (3) m\u00e9todos enableZoomPastMax ."}], "lastModified": "2024-11-21T00:51:33.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iseemedia:lpviewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F6D98F4-A143-4D58-AB55-189EFD7DF1EE"}, {"criteria": "cpe:2.3:a:mgi_software:lpviewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF5732B5-E262-4638-8B5B-5B751A2A94F1"}, {"criteria": "cpe:2.3:a:roxio:lpviewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F79B6C-9359-4A48-8206-CE8FA305338A"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}