CVE-2007-6144
Published: 2007-11-27
CVE-2007-6144: Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute…
Priority: P267, medium, 6 (CVSS 2.0)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 3.32% (87.1th percentile)
Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlayerUrl property value. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xunlei | web_thunder | — | — |
CVSS provenance
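| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| vulncheck | — | 6.0 | MEDIUM | — |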
GHSA
GHSA-h8fv-hhpf-m296: Heap-based buffer overflow in the PPlayer
ghsa_unreviewed·2022-05-01
CVE-2007-6144 [MEDIUM] CWE-119 GHSA-h8fv-hhpf-m296: Heap-based buffer overflow in the PPlayer
VulnCheck
xunlei web_thunder Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2007·CVSS 6.0
CVE-2007-6144 [MEDIUM] xunlei web_thunder Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected: xunlei web_thunder
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://betanews.com/2008/05/19/ten-thousand-servers-hit-in-sql-injection-hack/
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/39680
http://secunia.com/advisories/27795
http://www.nohack.cn/hacknews/20071119/1916.html
http://www.sebug.net/exploit/2575
http://www.securityfocus.com/bid/26536
http://www.vupen.com/english/advisories/2007/3982