CVE-2009-1612

2009-05-1120:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-1612

stack-based buffer overflow

mps.stormplayer.1 activex

baofeng storm

remote code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.936 High

EPSS

Percentile

99.1%

JSON

Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected.

Affected configurations

NVD

Node

baofengstormMatch2.7.9_8

baofengstormMatch2.7.9_10

baofengstormMatch2.8

baofengstormMatch2.9

baofengstormMatch3.9.3_25

baofengstormMatch3.9.3_30

baofengstormMatch3.9.4_17

baofengstormMatch3.9.4_27

CPENameOperatorVersion
baofeng:stormbaofeng stormeq2.7.9_8
baofeng:stormbaofeng stormeq2.7.9_10
baofeng:stormbaofeng stormeq2.8
baofeng:stormbaofeng stormeq2.9
baofeng:stormbaofeng stormeq3.9.3_25
baofeng:stormbaofeng stormeq3.9.3_30
baofeng:stormbaofeng stormeq3.9.4_17
baofeng:stormbaofeng stormeq3.9.4_27

CPE	Name	Operator	Version
baofeng:storm	baofeng storm	eq	2.7.9_8
baofeng:storm	baofeng storm	eq	2.7.9_10
baofeng:storm	baofeng storm	eq	2.8
baofeng:storm	baofeng storm	eq	2.9
baofeng:storm	baofeng storm	eq	3.9.3_25
baofeng:storm	baofeng storm	eq	3.9.3_30
baofeng:storm	baofeng storm	eq	3.9.4_17
baofeng:storm	baofeng storm	eq	3.9.4_27