CVE-2007-4722
Published 2007-09-05
CVE-2007-4722: Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player…
Priority P432 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 10.07% · 95.0th percentile
Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary code via a long string to the (1) Play and (2) Buzzer methods.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| move_networks_inc | move_media_player | — | — |
| move_networks_inc | qunatum_streaming_player | — | — |
| move_networks_inc | qunatum_streaming_player | — | — |
GHSA
GHSA-2v2g-7jx3-jq4g: Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001
ghsa_unreviewed·2022-05-01
CVE-2007-4722 [MEDIUM] CWE-119 GHSA-2v2g-7jx3-jq4g: Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001
Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary code via a long string to the (1) Play and (2) Buzzer methods.
GHSA
GHSA-g9wf-7xj9-5gcj: Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2008-1044 [MEDIUM] CWE-119 GHSA-g9wf-7xj9-5gcj: Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE
Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Media Player allows remote attackers to execute arbitrary code via a long argument to the UploadLogs method, a different vector than CVE-2007-4722. NOTE: some of these details are obtained from third party information.
No detection rules found.
Exploit-DB
Move Networks Quantum Streaming Player - Remote Overflow (SEH)
exploitdb·2008-01-08·CVSS 6.8
CVE-2007-4722 [MEDIUM] Move Networks Quantum Streaming Player - Remote Overflow (SEH)
---
Move Networks Quantum Streaming Player SEH Overwrite Exploit
```
function Check() {
    var buf = 'A';
    while (buf.length
```
Unable to create object
# milw0rm.com [2008-01-08]
Exploit-DB
Move Media Player 1.0 Quantum Streaming - ActiveX Control Multiple Buffer Overflow Vulnerabilities
exploitdb·2007-09-04·CVSS 6.8
CVE-2007-4722 [MEDIUM] Move Media Player 1.0 Quantum Streaming - ActiveX Control Multiple Buffer Overflow Vulnerabilities
---
source: https://www.securityfocus.com/bid/25529/info
Move Media Player is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers.
Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control (typically Internet Explorer) and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.
These issues affect Move Media Player 1.0.0.1; other versions may also be vulnerable.
Move Networks Quantum Streaming Player SEH Overwrite Exploit
No writeups or analysis indexed.
http://osvdb.org/37778
http://secunia.com/advisories/26600
http://www.kb.cert.org/vuls/id/298345
http://www.securityfocus.com/bid/25529
https://exchange.xforce.ibmcloud.com/vulnerabilities/36433
https://www.exploit-db.com/exploits/4868
Published: 2007-09-05