CVE-2007-6402

2007-12-1718:46:00

CWE-119

mitre

web.nvd.nist.gov

cve-2007-6402

media player classic

mpc

buffer overflow

3ivx

4.5.1

5.0.1

remote code execution

vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.887

Percentile

98.8%

JSON

Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401.

Affected configurations

Nvd

Node

3ivxmpeg-4_codecMatch4.5.1

3ivxmpeg-4_codecMatch5.0.1

guliverklimedia_player_classicMatch6.4.9.0

VendorProductVersionCPE
3ivxmpeg-4_codec4.5.1cpe:2.3:a:3ivx:mpeg-4_codec:4.5.1:*:*:*:*:*:*:*
3ivxmpeg-4_codec5.0.1cpe:2.3:a:3ivx:mpeg-4_codec:5.0.1:*:*:*:*:*:*:*
guliverklimedia_player_classic6.4.9.0cpe:2.3:a:guliverkli:media_player_classic:6.4.9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
3ivx	mpeg-4_codec	4.5.1	cpe:2.3:a:3ivx:mpeg-4_codec:4.5.1:::::::*
3ivx	mpeg-4_codec	5.0.1	cpe:2.3:a:3ivx:mpeg-4_codec:5.0.1:::::::*
guliverkli	media_player_classic	6.4.9.0	cpe:2.3:a:guliverkli:media_player_classic:6.4.9.0:::::::*