CVE-2007-0443

Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.zerodayinitiative.com/advisories/ZDI-07-021.html	Patch Vendor Advisory
http://www.gracenote.com/corporate/FAQs.html/faqset=update/page=0
http://www.securityfocus.com/bid/23567	Patch
http://www.securitytracker.com/id?1017937
http://secunia.com/advisories/22924	Patch Vendor Advisory
http://osvdb.org/34327
http://www.vupen.com/english/advisories/2007/1475
https://exchange.xforce.ibmcloud.com/vulnerabilities/33773
http://www.securityfocus.com/archive/1/466403/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:gracenote:cddbcontrol_activex_control:*:*:*:*:*:*:*:*

Information

Published : 2007-04-24 09:19

Updated : 2018-10-16 09:32

NVD link : CVE-2007-0443

Mitre link : CVE-2007-0443

JSON object : View

CWE

NVD-CWE-Other

Products Affected

gracenote

cddbcontrol_activex_control

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-021.html", "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-021.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.gracenote.com/corporate/FAQs.html/faqset=update/page=0", "name": "http://www.gracenote.com/corporate/FAQs.html/faqset=update/page=0", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/23567", "name": "23567", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1017937", "name": "1017937", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/22924", "name": "22924", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/34327", "name": "34327", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/1475", "name": "ADV-2007-1475", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33773", "name": "cddbcontrol-activex-bo(33773)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/466403/100/0/threaded", "name": "20070420 ZDI-07-021: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-0443", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-04-24T16:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gracenote:cddbcontrol_activex_control:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-16T16:32Z"}

9.3 /10