Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2009-1612

Published: 11/05/2009 Updated: 29/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Storm

Vulnerability Summary

Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote malicious users to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and previous versions are also affected.

Vulnerable Product Search on Vulmon Subscribe to Product

baofeng storm 2.9

baofeng storm 2.8

baofeng storm 2.7.9_8

baofeng storm 3.9.4_27

baofeng storm 3.9.3_30

baofeng storm 3.9.4_17

baofeng storm 2.7.9_10

baofeng storm 3.9.3_25

Exploits

Exploit DB: BaoFeng Storm - 'mps.dll' ActiveX OnBeforeVideoDownload Buffer Overflow (Metasploit)
## # $Id: baofeng_storm_onbeforevideodownloadrb 9179 2010-04-30 08:40:19Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## requir ...
Exploit DB: BaoFeng - ActiveX 'OnBeforeVideoDownload()' Remote Buffer Overflow
# # BaoFeng (mpsdll) Remote Code Execution Exploit # By: MITBOY # Download: wwwbaofengcom # # Problem DLL : mpsdll # Problem Func : OnBeforeVideoDownload() <html> <body> <object classid="clsid:6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB" id="target"></object> <input type="button" onclick="test()" value="test" /&g ...

References

CWE-119http://secunia.com/advisories/34944http://www.securityfocus.com/bid/34789http://www.cisrt.org/enblog/read.php?245https://www.exploit-db.com/exploits/8579https://nvd.nist.govhttps://www.exploit-db.com/exploits/16553/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook