CVE-2009-1087

Published Mar 25, 2009

Last updated 7 years ago

Overview

Description: Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1.9.21 and earlier allow remote attackers to execute arbitrary code via a UNC share pathname in the LoadModule argument to the (1) synacast, (2) Play, (3) pplsv, or (4) ppvod URI handler. NOTE: some of these details are obtained from third party information.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pplive:pplive:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D49260CE-96F2-4943-BEEE-61F4AB7A9EEA",
            "versionEndIncluding": "1.9.21"
          },
          {
            "criteria": "cpe:2.3:a:pplive:pplive:1.9.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F645AD9-D61F-4F50-9540-A40A7C95E462"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References