Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2970

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-2970
Last Modified 20 Oct 2009 12:00:00
Published 19 Oct 2009 04:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2970

Summary

Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter.

Vulnerable Systems

Application

  • Baidux

  • Uitv Uiplayer


References

BUGTRAQ - 20091016 NSFOCUS SA2009-01 : UiTV UiPlayer UiCheck Component Stack Buffer Overflow Vulnerability

MISC - http://www.nsfocus.com/en/advisories/0901.html


Last Updated: 27 May 2016 10:51:04