Lucene search

[email protected]CVE-2008-4664

HistoryOct 22, 2008 - 12:11 a.m.

CVE-2008-4664

2008-10-2200:11:52

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-4664

buffer overflow

qvod player

activex control

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.189 Low

EPSS

Percentile

96.3%

JSON

Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

qvodqvod_playerMatch1.0.1

qvodqvod_playerMatch2.0.1

qvodqvod_playerMatch2.5.1

CPENameOperatorVersion
qvod:qvod_playerqvod qvod playereq1.0.1
qvod:qvod_playerqvod qvod playereq2.0.1
qvod:qvod_playerqvod qvod playereq2.5.1

CPE	Name	Operator	Version
qvod:qvod_player	qvod qvod player	eq	1.0.1
qvod:qvod_player	qvod qvod player	eq	2.0.1
qvod:qvod_player	qvod qvod player	eq	2.5.1

References

hi.baidu.com/muma_reader/blog/item/46bd0d7a04eb75e92f73b36e.html

secunia.com/advisories/28494

www.securityfocus.com/bid/27271

exchange.xforce.ibmcloud.com/vulnerabilities/39675

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.189 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2008-4664

prion1 nvd1 cvelist1