Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6732

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-6732
Last Modified 14 Sep 2009 12:00:00
Published 13 Sep 2009 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6732

Summary

Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays.

Vulnerable Systems

Application

  • Claudio Matsuoka Extended Module Player 2.2.0

  • Claudio Matsuoka Extended Module Player 2.2.1

  • Claudio Matsuoka Extended Module Player 2.3.0

  • Claudio Matsuoka Extended Module Player 2.3.1

  • Claudio Matsuoka Extended Module Player 2.3.2

  • Claudio Matsuoka Extended Module Player 2.4.0

  • Claudio Matsuoka Extended Module Player 2.4.1

  • Claudio Matsuoka Extended Module Player 2.5.0

  • Claudio Matsuoka Extended Module Player 2.5.1


References

VUPEN - ADV-2008-0009

BID - 27047

MISC - http://aluigi.altervista.org/adv/xmpbof-adv.txt


Last Updated: 27 May 2016 10:46:37