CVE-2009-1612
Published May 11, 2009
Last updated 7 years ago
Overview
- Description
- Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:baofeng:storm:2.7.9_8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F52CD8D-3166-4A06-BB43-B7DEE653FBDB"
},
{
"criteria": "cpe:2.3:a:baofeng:storm:2.7.9_10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD543322-FB0F-45E0-9E93-347425B470BA"
},
{
"criteria": "cpe:2.3:a:baofeng:storm:2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BF09EE7-F241-4EDE-8266-FD2413C6E1AE"
},
{
"criteria": "cpe:2.3:a:baofeng:storm:2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93399125-BFCD-4EEC-B187-3E89A8DB82D2"
},
{
"criteria": "cpe:2.3:a:baofeng:storm:3.9.3_25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BEC200C6-F6EB-4F14-9D58-4112C8078B78"
},
{
"criteria": "cpe:2.3:a:baofeng:storm:3.9.3_30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21F85752-B5F0-4360-AE95-ECC7B6F72BA3"
},
{
"criteria": "cpe:2.3:a:baofeng:storm:3.9.4_17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5C704D6-6BF0-4C71-8AB8-35FC13C80FC4"
},
{
"criteria": "cpe:2.3:a:baofeng:storm:3.9.4_27:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5EEA74EA-14ED-4586-B437-FF92D21A0132"
}
],
"operator": "OR"
}
]
}
]