cbcvebase.
CVE-2007-5064
published 2007-09-24


Priority: P261 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Status: ITW · EXPLOIT · VulnCheck KEV (exploited in the wild)
EPSS: 3.88% (88.9th percentile)

Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party information.

Affected

1 range

Vendor: xunlei
Product: web_thunder
Version range:
Fixed in:

Detection & IOCs (extracted from sources)

version: Xunlei Web Thunder 5.6.9.344
filename: DapPlayer_Now.dll
url: http://11v.name/server.exe

  • The vulnerable method is DownURL2 on the DapPlayer ActiveX control (DapPlayer_Now.dll). Monitor for invocation of this method with an abnormally long first argument from a browser process (Internet Explorer).
  • The exploit targets Xunlei Web Thunder 5.6.8.344 / 5.6.9.344. Presence of DapPlayer_Now.dll loaded in iexplore.exe is a high-fidelity indicator of exposure.
  • The exact ActiveX CLSID for DapPlayer_Now.dll is not specified in the sources; the DLL name is inferred from third-party information and should be confirmed before building kill-bit or registry-based detections.
  • The NVD entry lists version 5.6.9.344 while the SecurityFocus PoC references 5.6.8.344; both version strings should be included in version-based detection rules.

CVSS provenance

nvd: v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck: 6.8 · MEDIUM